[Samba] how can I be a domain admin in 3.0RC3 ?
John H Terpstra
jht at samba.org
Thu Sep 11 21:56:36 GMT 2003
On Thu, 11 Sep 2003, Antoine Jacoutot wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thursday 11 September 2003 22:47, John H Terpstra wrote:
> > Please explain precisely what you mean. What exact steps are you
> > following?
>
> OK, I created 1 user, 1 computer and several groups.
> One group is called domainadmins. I did a 'net groupmad add' to map it to
> SID-512 (Windows Domain admins group).
> My user's primarygroupID is SID-2001.
> I added my user to domainadmins, which made me believe it then would be
> considered as a Windows Domain administrator... but it does not work. However
> it does work if instead if I set my user's primarygroupID to SID-512.
> So my question is: can I have admin rights if my primarygroupID is not
> domainadmins (supposing I'm part of domainadmins as I'm part of other groups
> too).
The NT Group, Domain Admins, must have the well known RID=512 otherwise it
is not seen by the Windows client as the Domain Admins group.
PS: The Domain SID + the RID = the user SID.
> Is it clearer ? (I'm sorry, English is not my first language)
PS: English is not my first language either.
Additionally, most who claim to speak English don't either! :)
> For information, I'm running FreeBSD-5.1+LDAP+samba-3.0RC3
>
> Thanks.
- John T.
--
John H Terpstra
Email: jht at samba.org
More information about the samba
mailing list