[Samba] Re: DID ANYBODY HERE...
Beast
beast at setuid.com
Tue Aug 5 03:55:12 GMT 2003
Tuesday, August 5, 2003, 8:33:07 AM, paul wrote:
> Beast wrote:
>> [root at potato root]# pdbedit -Lv administrator
>> Unix username: administrator
>> NT username: administrator
>> Account Flags: [U ]
>> User SID: S-1-5-21-2897595519-3619093474-3625347041-1000
>> Primary Group SID: S-1-5-21-2897595519-3619093474-3625347041-1001
>> Full Name: Administrator
>> Home Directory:
>> HomeDir Drive:
>> Logon Script: logon.bat
>> Profile Path:
>> Domain: DJKT
>> Account desc:
>> ...
>>
>> With admin uid 0, i can use admin to add machine trust, but when login w2k
>> client can not recognized it as domain admin (ie. can not change IP
>> address on client machine etc.)
> Looks good so far, make sure your "Administrator" is a member of your
> "Domain Admin" group. I'm not sure about how samba checks that, but
> there are only two possible ways to do it I can think of right now.
> 1. Change the "Primary Group SID" of your Administator to the SID of the
> "Domain Admins" global group.
Aaaah........., only this part i did not do some test.
I should think about this before, now it works :=)
Thanks Paul, you save my life, i o u.
Pls send your postal address, i'll send postcard from here...
> 2. Add something like "memberUID: Administrator" to the corresponding
> UNIX group of your "Domain Admins" group.
I already test this before (and again), it did not works even getent
group shows administrator as a member of domadmin.
> good luck
> Paul
Thanks and regards,
--beast
More information about the samba
mailing list