[Samba] Samba PDC - first Domain Admin
James
james at nttmcl.com
Wed Oct 1 18:00:26 GMT 2008
Hi guys,
i'm trying to setup a samba PDC and was hoping to delegate Admin control
to the "Domain Admins" Group.
The backend is run off of ldap and there is no root user account in the
ldap directory
i set my user "james" with the rid ending in -500
i used:
net rpc rights grant "TESTING/Domain Admins" SeMachineAccountPrivilege
SePrintOperatorPrivilege SeAddUsersPrivilege
SeRemoteShutdownPrivilege SeDiskOperatorPrivilege -U james
i get:
Failed to grant privileges for Domain Admins (NT_STATUS_ACCESS_DENIED)
does the first Admin user HAVE to have uid=0 and be in the ldap directory?
if so can i just shove him in and remove him later?
and does "the net rpc rights grant" command have to be run on every
domain controller or does it right something to ldap so it'll know?
Thanks,
James
More information about the samba
mailing list