get_domain_user_groups() improvement.

stephane.purnelle at stephane.purnelle at
Fri Sep 24 08:42:02 GMT 2004

I'am not sure, because the IDEALX samba ldap howto for samba 2.2.x , you
could found this :

Fake user root :

To allow Microsoft Windows 2000 and Xp ...., a root user must exist (uid =
0) and be used when joining a client  to the domain

To create this false user ..... -a -m -g 200 root -u 0  -g  0 root root

For user which begin with a samba 2.2.8, the user root is in LDAP.  And for
add a workstation we use the user root.

Now, we are on samba 3.0.7 (migrating from 2.2.8a when samba 3.0.0 when

Can I use a other user like Administrator ?
Can I delete the root user.


On Thu, 2004-09-23 at 17:14, Igor Belyi wrote:
> Gerald (Jerry) Carter wrote:
> > Andrew Bartlett wrote:
> > |> Maybe you don't care about it anymore, but those people
> > | Sorry - I didn't mean it to come across like that.  Of
> > I should have added a note that this was not a
> > personal comment.  I just want to make sure that no
> I didn't mean to stir a fight... (mwa-ha-ha!) ;o)
> Just to clarify the idea - pushing _all_ NSS calls from common pdbpass
> functions into backends and letting ldapsam backend assume that UNIX
> accounts and groups are in traditianal LDAP objects while keeping all
> other backends to use NSS calls is the right approach. Is that correct?

no, sorry that is not correct.
There is always one account that do not obey that rule, that's root
(never seen anybody putting it into ldap, it is always in /etc/passwd).
And I've seen other environments that also use ldap only for samba user
part storage and not for unix user storage (no nss_ldap on the system).

Stéphane PURNELLE                         stephane.purnelle at
Service Informatique       Corman S.A.           Tel : 00 32 087/342467

More information about the samba-technical mailing list