Smb multi-sessions, samba3.0.2pre1

Jianliang Lu at
Wed Jan 21 11:04:26 GMT 2004

> On Wed, 2004-01-21 at 01:54, Jianliang Lu wrote:
> Using 'admin users' to get around the 'ldap as not root' issue is the
> wrong fix.  The real thing we need to do is properly implement the
> required ACLs etc, so that we don't need such ugly hacks.
> Andrew Bartlett

The problem is that the smbldap-tools need the uid=0 to run. When I use 
usrmgr to create a new user I'll get a access denied in run "add user 
script"( if the user has not uid=0.  If we deal with "add 
scripts" using uid=0 may overcome this problem (only for ldap backend).
Another problem is for nested group.  If a user would have privileges to 
manager users (like create new user) it must be a member of builtin 
group "Administrators" or "Account operators", but I don't know if a 
globalgroup (like "Domain Admins") could be a member of such group to have 
these privileges. 

My question is: how can we do to have the users which have uid not 0 and have 
the privileges to manage the user account using "User Manager for Domain"?

Jianliang Lu
TieSse s.p.a.     Ivrea (To) - Italy at   luj at

More information about the samba-technical mailing list