[Samba] What makes an account is DOMAIN ADMINISTRATOR?

Beast beast at setuid.com
Fri Jul 25 08:58:57 GMT 2003

Friday, July 25, 2003, 2:58:54 PM, Alex wrote:

> Look into the command 'net groupmap', here is where it lies.

> for example net groupmap add unixgroup=domainadmins ntgroup="Domain Admins"
> type=domain

> this will ´map your local group domainadmins to Domain Admins, so that
> windows understands it.
> If you already have groupmaps set up but no groups map to them use net
> groupmap modify.

This is my initial map from fresh install :
[root at potato root]# net groupmap list
System Operators (S-1-5-32-549) -> -1
Domain Users (S-1-5-21-682855339-941891451-1873685625-513) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Guests (S-1-5-21-682855339-941891451-1873685625-514) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Admins (S-1-5-21-682855339-941891451-1873685625-512) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

I have root user in smbpasswd and not put his group to
"Administrators" or "Domain Admins" but why it able to add machine
trust from Win2k client? any explanation?



More information about the samba mailing list