[Samba] What makes an account is DOMAIN ADMINISTRATOR?

Beast beast at setuid.com
Fri Jul 25 11:46:57 GMT 2003


Friday, July 25, 2003, 6:31:30 PM, Felipe wrote:

> On Fri, 2003-07-25 at 12:41, Beast wrote:
>>
>> This is required for me because I will use ldap backend but I don't
>> want to create root account in ldap which if it's compromised, it can
>> do anything to *all* workstation.

> Sincerely, I don't know why the "Administrator" user must have a UID of
> 0, but I know that it's always needed, even when you're using the
> LDAPSAM backend.

> In fact, I'm using the LDAPSAM backend of Samba 3.0 beta 3 and it's a
> requisite that the user you use to join the machine to the domain
> (normally, Administrator) has a UID of cero.

> To secure you "Administrator" Samba user, assign it a UID of 0, a
> different password from your "root" unix user,

I have to enable "ldap passwd sync", so assigning diferrent passwd
will not be the good solutions...

> and specify "/dev/null"
> as the home directory and login shell.

Aaaaaah yes, why i'm so dumb? :=)

Create user administrator with uid=0 but doesn't have home directory
and valid shell.
root will be local on each server, Tks felipe, you're my hero :-)




--beast 




More information about the samba mailing list