[Samba] What makes an account is DOMAIN ADMINISTRATOR?

Felipe Alfaro Solana felipe_alfaro at linuxmail.org
Fri Jul 25 11:31:30 GMT 2003


On Fri, 2003-07-25 at 12:41, Beast wrote:

> > The easiest way is to create an "Administrator" user in Samba and assign
> > it a UID of 0. Then, when joining your Windows machine to the domain,
> > use that "Administrator" user.
> 
> Tks felipe,
> But why it needs to be root (or uid=0), is it because it needs to open
> /etc/samba/smbpasswd?
> What if i'm using ldap, can I use ordinary user and bind as
> ldapmanager?
> 
> This is required for me because I will use ldap backend but I don't
> want to create root account in ldap which if it's compromised, it can
> do anything to *all* workstation.

Sincerely, I don't know why the "Administrator" user must have a UID of
0, but I know that it's always needed, even when you're using the
LDAPSAM backend.

In fact, I'm using the LDAPSAM backend of Samba 3.0 beta 3 and it's a
requisite that the user you use to join the machine to the domain
(normally, Administrator) has a UID of cero.

To secure you "Administrator" Samba user, assign it a UID of 0, a
different password from your "root" unix user, and specify "/dev/null"
as the home directory and login shell.

Isn't this curious? :-)




More information about the samba mailing list