[Samba] Samba-3 Ldap Adding Administrator Account

godber at win.co.nz
Mon Sep 8 13:45:10 GMT 2003

Sorry, a bit more information.

The smb-ldap-3 Howto gives the example:


dn: uid=Administrator, o=smb, dc=unav, dc=es 
cn: Administrator 
objectClass: sambaAccount 
objectClass: posixAccount 
uid: Administrator 
pwdLastSet: 0 
logonTime: 0 
logoffTime: 0 
kickoffTime: 0 
pwdCanChange: 0 
pwdMustChange: 0 
smbHome: \\%N\ 
homeDrive: U: 
profilePath: \\%N\\profile 
rid: 1000 
primaryGroupID: 512 
lmPassword: 37D5B8AB8069F5B8AB5B8AB8B8AB8069 
ntPassword:  5B8AB8B8AB85B8A5B8AB8B8AB82BE319 
acctFlags: [UX         ] 
gecos: Samba Admin 
homeDirectory: / 
loginShell: /dev/null 
uidNumber: 0 
gidNumber: 0 

dn: uid=nobody,o=smb, dc=unav, dc=es 
objectClass: sambaAccount 
objectClass: posixAccount 
uid: nobody 
pwdLastSet: 1026225030 
logonTime: 0 
logoffTime: 2147483647 
kickoffTime: 2147483647 
pwdCanChange: 0 
pwdMustChange: 2147483647 
displayName: Nobody 
cn: Nobody 
rid: 501 
primaryGroupID: 514 
gecos: Nobody or Guest 
homeDirectory: / 
loginShell: /dev/null 
uidNumber: 99 
gidNumber: 99 
acctFlags: [UX         ] 

The example seems to be incomplete.

I want to ensure Administrator and Guest have the correct RIDs, i.e.

DOMAIN_USER_RID_ADMIN          0x0000 01F4 
DOMAIN_USER_RID_GUEST          0x0000 01F5 

The information you give is great but how to ensure the 
Administrator/Guest user has the correct RID? 

There are good examples of adding users to groups in the howto
but no information on how to set a user's RID?


> Okay...  you're a bit light on information, but let me see if I can assist and 
> I'll just make a few assumptions.
> First, you'll have to create a unix account with the name Administrator, and 
> then use smbpasswd -a to give the guy the necessary samba info.  In order to 
> give our user 'Administrator' the necessary rights to actually tromp around 
> the domain as an administrator, he'll (strange...  I never think of root as 
> having a gender, but Administrator seems like a he) have to be part of a 
> group that is mapped to the Domain Administrator group.
> To do this, add a unix group named 'domadmin', and then use the 'net groupmap' 
> command to associate the proper RID (the domain admin RID is 512) with the 
> unix group.  Then add your Administrator user to the domadmin group, restart 
> the samba server (may not be necessary), and everything should work as 
> desired.
> I have a bunch of links about this stuff back at work, but it's Sunday, and as 
> much fun as it would be to ssh into my work box, I try not to during the 
> weekend.  If you need further assistance or expectation (like how to use 
> net...  it's a bit of a beast), just shout and I'll try and dig up those links 
> on Monday for ya.
> -Sean 
> On Monday 08 September 2003 02:52 am, godber at win.co.nz wrote:
> > How do you add an "Administrator" account to ldap.
> >
> > I want to leave root in /etc/passwd but have "Administrator" in ldap
> > I have checked Howto Collection and the Samba-Ldap-3 but they contain no
> > information. The Ldap-Howto has a suggestion but then says not to use.
> >
> > Godfrey
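
An offline check for the RID question raised in this thread, as an added example that is not part of either poster's message or of the Howto: it parses LDIF and reports sambaAccount entries whose rid or primaryGroupID differ from the well-known values. 0x1F4 and 0x1F5 come from the post and 512 from the reply; 514 for Domain Guests and treating `nobody` as the guest account are assumptions, and only plain `attr: value` lines are handled (no base64 or folded lines).

```python
import re

# User RIDs are the values quoted in the post (0x1F4, 0x1F5); 512 is the
# Domain Admins RID named in the reply; 514 (Domain Guests) is an assumption.
WELL_KNOWN = {
    "administrator": {"rid": 0x1F4, "primaryGroupID": 512},
    "guest":         {"rid": 0x1F5, "primaryGroupID": 514},
}
# Assumption: the unix account "nobody" is the one presented as Guest.
GUEST_ALIASES = {"nobody": "guest"}

# Constructed sample: trimmed copy of the two entries quoted in the post.
SAMPLE_LDIF = """\
dn: uid=Administrator, o=smb, dc=unav, dc=es
uid: Administrator
rid: 1000
primaryGroupID: 512

dn: uid=nobody,o=smb, dc=unav, dc=es
uid: nobody
rid: 501
primaryGroupID: 514
"""

def parse_ldif(text):
    """Split LDIF into entries; each entry maps attribute -> list of values."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def check_rids(entries):
    """Return (uid, attribute, found, expected) for every mismatch."""
    findings = []
    for e in entries:
        uid = e.get("uid", [""])[0]
        role = GUEST_ALIASES.get(uid.lower(), uid.lower())
        for attr, expected in WELL_KNOWN.get(role, {}).items():
            found = e.get(attr, [None])[0]
            if found is None or int(found) != expected:
                findings.append((uid, attr, found, expected))
    return findings
```

On the Howto's sample the only finding is Administrator, whose rid is 1000 where 0x1F4 (500) is expected; the nobody entry already carries 501.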
