Hi all,

I have a Samba server as a member of an AD DC.
In said AD DC there is the 'administrator' user, which has the default UID of 0 (the same as root).
From the AD DC:

# id administrator
uid=0(root) gid=513(SMC\Domain Users) groups=0(root),513(SMC\Domain Users),3000005(SMC\Group Policy Creator Owners),3000009(SMC\Enterprise Admins),512(SMC\Domain Admins),3000007(SMC\Schema Admins)

From the member server:
# id administrator
id: administrator: no such user

It also does not appear in wbinfo -u or getent passwd.

The issue is that if I log on to a Windows machine as the administrator user, I cannot access a share on the member server, as it does not authenticate.

My smb.conf is pretty simple:

[global]
        workgroup = SMC
        realm = internal.stmaryscollege.co.uk
        netbios name = PVE-ARCH-S3-02
        security = ADS
        encrypt passwords = yes
        server role = MEMBER SERVER

        idmap config *:backend = tdb
        idmap config *:range = 70001-80000
        idmap config SMC:backend = ad
        idmap config SMC:schema_mode = rfc2307
        idmap config SMC:range = 0-40000

        winbind nss info = rfc2307
        winbind trusted domains only = no
        winbind use default domain = yes
        winbind enum users  = yes
        winbind enum groups = yes

(Note: I changed the idmap config SMC:range to include '0' as I thought this might encourage Samba to idmap the root user... but no dice...)


Thanks,

Alex
