Web lists-archives.com

Re: [Samba] winbind finds all domain users except Administrator




On Mon, 13 Nov 2017 23:15:15 +0100
Fabian Fritz <fabianfuture@xxxxxx> wrote:

> I see. I know, the range is a bit odd, but I previously used NIS to
> get the Unix users from another machine. Now I'm updating to AD and
> don't use NIS anymore.Since I want to keep all the file ownerships (I
> use this solaris member as a file server), I had to map the domain
> users to that same range.

OK, hindsight is a wonderful thing, but starting the ID range at 100
isn't a good idea (for the reason I gave), but sometimes you have to.

> 
> 
> I used the Administrator to login to some Windows machine in the
> domain and was surprised when I got a ACCESS_DENIED when I tried to
> mount a network share there. So this only happens for Administrator?
> So I have to use one of the users in the domain admins group when I
> need to do administrative stuff on my windows machines and also need
> the shares?

If you use a user.map, Administrator becomes 'root' on Unix domain
members and root can do anything on a Unix domain member.

Try reading this:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

If you have any questions after reading that, just ask ;-)

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba