Beast beast at setuid.com
Tue Aug 5 03:55:12 GMT 2003

Tuesday, August 5, 2003, 8:33:07 AM, paul wrote:

> Beast wrote:

>> [root at potato root]# pdbedit -Lv administrator
>> Unix username:        administrator
>> NT username:          administrator
>> Account Flags:        [U          ]
>> User SID:             S-1-5-21-2897595519-3619093474-3625347041-1000
>> Primary Group SID:    S-1-5-21-2897595519-3619093474-3625347041-1001
>> Full Name:            Administrator
>> Home Directory:
>> HomeDir Drive:
>> Logon Script:         logon.bat
>> Profile Path:
>> Domain:               DJKT
>> Account desc:
>> ...
>> With admin uid 0, i can use admin to add machine trust, but when login w2k
>> client can not recognized it as domain admin (ie. can not change IP
>> address on client machine etc.)
> Looks good so far, make sure your "Administrator" is a member of your 
> "Domain Admin" group. I'm not sure about how samba checks that, but 
> there are only two possible ways to do it I can think of right now.

> 1. Change the "Primary Group SID" of your Administator to the SID of the 
> "Domain Admins" global group.

Aaaah........., only this part i did not do some test.
I should think about this before, now it works :=)
Thanks Paul, you save my life, i o u.
Pls send your postal address, i'll send postcard from here...

> 2. Add something like "memberUID: Administrator" to the corresponding 
> UNIX group of your "Domain Admins" group.

I already test this before (and again), it did not works even getent
group shows administrator as a member of domadmin.

> good luck
>    Paul

Thanks and regards,


More information about the samba mailing list