[Samba] how can I be a domain admin in 3.0RC3 ?

John H Terpstra jht at samba.org
Thu Sep 11 21:56:36 GMT 2003

On Thu, 11 Sep 2003, Antoine Jacoutot wrote:

> Hash: SHA1
> On Thursday 11 September 2003 22:47, John H Terpstra wrote:
> > Please explain precisely what you mean. What exact steps are you
> > following?
> OK, I created 1 user, 1 computer and several groups.
> One group is called domainadmins. I did a 'net groupmad add' to map it to
> SID-512 (Windows Domain admins group).
> My user's primarygroupID is SID-2001.
> I added my user to domainadmins, which made me believe it then would be
> considered as a Windows Domain administrator... but it does not work. However
> it does work if instead if I set my user's primarygroupID to SID-512.
> So my question is: can I have admin rights if my primarygroupID is not
> domainadmins (supposing I'm part of domainadmins as I'm part of other groups
> too).

The NT Group, Domain Admins, must have the well known RID=512 otherwise it
is not seen by the Windows client as the Domain Admins group.

PS: The Domain SID + the RID = the user SID.

> Is it clearer ? (I'm sorry, English is not my first language)

PS: English is not my first language either.
Additionally, most who claim to speak English don't either! :)

> For information, I'm running FreeBSD-5.1+LDAP+samba-3.0RC3
> Thanks.

- John T.
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list