[Samba] Samba PDC/LDAP how to get Win2000 Administrator account?

Buchan Milne bgmilne at cae.co.za
Wed Apr 30 13:42:07 GMT 2003


> Date: Wed, 30 Apr 2003 16:33:16 +1000
> From: Lance Rathbone <l.rathbone at imb.uq.edu.au>
> To: samba at lists.samba.org
> Subject: [Samba] Samba PDC/LDAP how to get Win2000 Administrator account?
> I have set up samba/PDC /LDAP and am able to logon as a normal user,
> however I am not sure how to create an LDAP user that has
> Administrator privileges on a Windows 2000 PC.

You need to have a unix group, to which you map a Windows group. Which
tool you use depends on which release of samba3 you are using. Releases
up to alpha23 used smbgroupedit. And IIRC it only works with LDAP in
alpha23 or later. See the man page for details, but basically:

1) Find the SID of the Windows group:
# smbgroupedit -s
2) Create a unix group for that:
# groupadd domadm
3) Map the SID to the unix group:
# smbgroupedit -c <SID> -u <unix group>
4) Add unix users to the unix group, and they should be domain admins.

> The Samba/LDAP howtos and guides don't seem to cover this topic much.
> If anyone could let me know what I need to do to have administrative
> privileges on a Win2000 machine I'd greatly appreciate it.

This is the stuff I have not got to yet in
http://ranger.dnsalias.com/samba-ldap-advanced.html . Contributions
welcome, otherwise I will try and finish that bit of it tomorrow.


--
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
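
Once the mapping in steps 1 to 4 exists, membership of the unix group decides who is a domain admin, so it is worth auditing. The script below is an added example, not part of the original post: it lists every account in the group, including accounts that belong to it only through their primary GID and therefore do not appear in the group entry, and reports those missing from an approved list. The function names, file names, sample accounts and GIDs are hypothetical and constructed; only the group name domadm comes from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Inputs are files in group(5)
# and passwd(5) format, e.g. saved from `getent group` and `getent passwd`.

# admin_members GROUP GROUP_FILE PASSWD_FILE
# Prints every account in GROUP, sorted: supplementary members listed in the
# group entry plus accounts whose primary GID is the group's GID.
admin_members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3; exit }' "$2")
    [ -n "$gid" ] || return 1      # group not found: fail, do not report "clean"
    {
        awk -F: -v g="$1" '$1 == g { n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$2"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$3"
    } | sort -u
}

# unexpected_admins GROUP GROUP_FILE PASSWD_FILE APPROVED_FILE
# Prints members of GROUP that are not named (one per line) in APPROVED_FILE.
# A missing or empty approved list flags every member.
unexpected_admins() {
    members=$(admin_members "$1" "$2" "$3") || return 1
    [ -n "$members" ] || return 0
    printf '%s\n' "$members" |
        awk -v f="$4" 'BEGIN { while ((getline l < f) > 0) ok[l] = 1 }
                       !($0 in ok)'
}

# write_sample DIR: constructed sample data (hypothetical accounts and IDs).
write_sample() {
    printf '%s\n' 'users:x:100:' 'domadm:x:1200:alice,bob' > "$1/group"
    printf '%s\n' 'alice:x:1001:100::/home/alice:/bin/sh' \
                  'bob:x:1002:100::/home/bob:/bin/sh' \
                  'carol:x:1003:1200::/home/carol:/bin/sh' \
                  'dave:x:1004:100::/home/dave:/bin/sh' > "$1/passwd"
    printf '%s\n' 'alice' > "$1/approved"
}

# Demo on the constructed data: bob is listed but not approved, carol is a
# member only through her primary GID.
demo=$(mktemp -d) && write_sample "$demo" &&
    unexpected_admins domadm "$demo/group" "$demo/passwd" "$demo/approved"
rm -rf "$demo"
```

On a live PDC, save the output of `getent group` and `getent passwd` to files and pass those in, so that LDAP-backed accounts are included.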

