[Samba] Administrator rights in Samba3?
Gémes Géza
geza at kzsdabas.sulinet.hu
Fri Oct 10 14:58:58 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Eivind Trondsen írta:
| Dear list
|
| What exactly does it take to give a user administrator rights in Samba3?
| I have a user who is in the Domain Admin group (which is mapped to a
regular
| unix group) and who is also Domain Administrator (by having the last
digits
| of the SID set to 500.
|
| He is still not allowed to add computers to the domain.
|
| What am I doing wrong?
|
| Regards
As I know, because of the security of UNIX systems only users with
uid=0, typicaly called root are allowed to manipulate user accounts.
Because machine accounts also require a passwd (or LDAP corespondent)
entry, SAMBA follows this policy, so the only users alowed to ad
machines are those with uid=0, so you will need to have root in
smbpasswd or equivalent.
Another issue group SID must end in
512 to be Domain Admins in eyes of Windows!
513 to be Domain Users in eyes of Windows!
514 to be Domain Guests in eyes of Windows!
Regerds
Geza Gemes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/hsky/PxuIn+i1pIRAr4HAJ9k+6J8w2yujV4C990ddNQoSt/4rgCfWGvl
Av3GUsKeOHwWNsfvUdrx4/4=
=Kh/w
-----END PGP SIGNATURE-----
More information about the samba
mailing list