[Samba] Samba-3 Ldap Adding Administrator Account
godber at win.co.nz
godber at win.co.nz
Mon Sep 8 13:45:10 GMT 2003
Sorry a bit more information
The smb-ldap-3 Howto gives the example
http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.htm
dn: uid=Administrator, o=smb, dc=unav, dc=es
cn: Administrator
objectClass: sambaAccount
objectClass: posixAccount
uid: Administrator
pwdLastSet: 0
logonTime: 0
logoffTime: 0
kickoffTime: 0
pwdCanChange: 0
pwdMustChange: 0
smbHome: \\%N\
homeDrive: U:
profilePath: \\%N\\profile
rid: 1000
primaryGroupID: 512
lmPassword: 37D5B8AB8069F5B8AB5B8AB8B8AB8069
ntPassword: 5B8AB8B8AB85B8A5B8AB8B8AB82BE319
acctFlags: [UX ]
gecos: Samba Admin
homeDirectory: /
loginShell: /dev/null
uidNumber: 0
gidNumber: 0
dn: uid=nobody,o=smb, dc=unav, dc=es
objectClass: sambaAccount
objectClass: posixAccount
uid: nobody
pwdLastSet: 1026225030
logonTime: 0
logoffTime: 2147483647
kickoffTime: 2147483647
pwdCanChange: 0
pwdMustChange: 2147483647
displayName: Nobody
cn: Nobody
rid: 501
primaryGroupID: 514
gecos: Nobody or Guest
homeDirectory: /
loginShell: /dev/null
uidNumber: 99
gidNumber: 99
acctFlags: [UX ]
The example seem to be incomplete
I want to ensure Administrator and Guest have the correct RIDs ie
DOMAIN_USER_RID_ADMIN 0x0000 01F4
DOMAIN_USER_RID_GUEST 0x0000 01F5
The information you give is great but how to ensure the
Administrator/Guest user has the correct RID?
There are good examples of adding users to groups in the howto
but no information on how to set a users rid?
Godfrey
> Okay... you're a bit light on information, but let me see if I can assist and
> I'll just make a few assumptions.
>
> First, you'll have to create a unix account with the name Administrator, and
> then use smbpasswd -a to give the guy the necessary samba info. In order to
> give our user 'Administrator' the necessary rights to actually tromp around
> the domain as an administrator, he'll (strange... I never think of root as
> having a gender, but Administrator seems like a he) have to be part of a
> group that is mapped to the Domain Administrator group.
>
> To do this, add a unix group named 'domadmin', and then use the 'net groupmap'
> command to associate the proper RID (the domian admin RID is 512) with the
> unix group. Then add your Administrator user to the domadmin group, restart
> the samba server (may not be necessary), and everything should work as
> desired.
>
> I have a bunch of links about this stuff back at work, but its Sunday, and as
> much fun as it would be to ssh into my work box, I try not to during the
> weekend. If you need further assistance or expectation (like how to use
> net... its a bit of a beast), just shout and I'll try and dig up those links
> on Monday for ya.
>
> -Sean
>
> On Monday 08 September 2003 02:52 am, godber at win.co.nz wrote:
> > How do you add an "Administrator" account to ldap.
> >
> > I want to leave root in /etc/passwd but have "Administrator" in ldap
> > I have checked Howto Collection and the Samba-Ldap-3 but they contain no
> > information. The Ldap-Howto has a suggestion but then says not to use.
> >
> > Godfrey
More information about the samba
mailing list