Web lists-archives.com

Re: [Samba] SSH SSO without keytab file




On Fri, 18 Jan 2019 09:44:27 +0100
"L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx> wrote:

> Hai, 
> 
> > -----Oorspronkelijk bericht-----
> > Van: Harpoon [mailto:harp00n@xxxxxxxxxxxxxx] 
> > Verzonden: vrijdag 18 januari 2019 9:24
> > Aan: L.P.H. van Belle
> > CC: samba@xxxxxxxxxxxxxxx
> > Onderwerp: Re: [Samba] SSH SSO without keytab file
> > 
> > Thanks for the prompt reply!
> Your welkom. 
> 
> > 
> > > I did see that you are using Administrator, and thats the problem.
> > 
> > > Administrator is mapped to root ( most of the time ),
> > > if you assigned Administrator UID = 0 then you have a 
> > problem, because only root = uid 0.
> > >
> > > Never ever give Administrator a UID/GID
> 
> > I am using tdb backend. It mapped administrator account to
> > 12000:10000.
> No no no.. as said, never ever assign administrator a UID/GID. 

He isn't, his borked smb.conf is and it also happens if you use the
'rid' backend:

adminuser@Computer4:~$ getent passwd Administrator
administrator:*:10500:10513::/home/administrator:/bin/bash

> Now your administrator != root anymore and you cannt manage the
> server correctly anymore as user Administrator.

You can, provided you have a user.map in smb.conf

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba