[Samba] how can I be a domain admin in 3.0RC3 ?

John H Terpstra jht at samba.org
Fri Sep 12 06:04:48 GMT 2003

On Fri, 12 Sep 2003, Antoine Jacoutot wrote:

> Hash: SHA1
> On Thursday 11 September 2003 23:56, you wrote:
> > The NT Group, Domain Admins, must have the well known RID=512 otherwise it
> > is not seen by the Windows client as the Domain Admins group.
> >
> > PS: The Domain SID + the RID = the user SID.
> I know that :)
> But this is not my question.
> Basically my question is: how can you be part of "Domain Admins" and "User
> Admins", dor exemple ?... since you can't have 2 user SID, right...

If you as a domain user want admin rights on the samba server you need to
use the "username map" facility. Example: /etc/samba/smbusers:

root = Admininistrator jht Antoine

Now Administrator, you and I have Domain Admin rights on the Samba server.

If you want Win NT/2Kx admin rights then you need in /etc/group (example):


Then map ntadmins to NT Group "Domain Admins"

Alternatively, make "Domain Admins" your primary group in passdb backend.
Map "Domain Admins" to the GID=0 group on your system. Now you have
achieved effectively the same thing.

Have I understood your question?

- John T.
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list