[Samba] how can I be a domain admin in 3.0RC3 ?
John H Terpstra
jht at samba.org
Fri Sep 12 06:04:48 GMT 2003
On Fri, 12 Sep 2003, Antoine Jacoutot wrote:
> Hash: SHA1
>
> On Thursday 11 September 2003 23:56, you wrote:
> > The NT Group, Domain Admins, must have the well known RID=512 otherwise it
> > is not seen by the Windows client as the Domain Admins group.
> >
> > PS: The Domain SID + the RID = the user SID.
>
> I know that :)
> But this is not my question.
> Basically my question is: how can you be part of "Domain Admins" and "User
> Admins", dor exemple ?... since you can't have 2 user SID, right...
If you as a domain user want admin rights on the samba server you need to
use the "username map" facility. Example: /etc/samba/smbusers:
root = Admininistrator jht Antoine
Now Administrator, you and I have Domain Admin rights on the Samba server.
If you want Win NT/2Kx admin rights then you need in /etc/group (example):
ntadmins::123:antoine,jht
Then map ntadmins to NT Group "Domain Admins"
Alternatively, make "Domain Admins" your primary group in passdb backend.
Map "Domain Admins" to the GID=0 group on your system. Now you have
achieved effectively the same thing.
Have I understood your question?
- John T.
--
John H Terpstra
Email: jht at samba.org
More information about the samba
mailing list