[Samba] Ordinary users automatically member of "Domain Admins"

Beast indorama at rad.net.id
Wed Feb 25 15:11:26 GMT 2004

I've just migrate existing NT users to samba, some users are having SID number 100x.

The funny thing is, from NT usermanager, these users are member of  "Domain Admins" group because of their SID?

[root at credo samba]# pdbedit -L -v jktajit
Unix username:        jktajit
NT username:          jktajit
Account Flags:        [U          ]
User SID:             S-1-5-21-2140563141-904681572-988572150-1012
Primary Group SID:    S-1-5-21-2140563141-904681572-988572150-513

However, admin user which having SID 500 and Group RID 512 (uid=0,gid=0) is not member of domain admins!

[root at credo samba]# pdbedit -L -v smbrootjkt
Unix username:        smbrootjkt
NT username:          smbrootjkt
Account Flags:        [U          ]
User SID:             S-1-5-21-2140563141-904681572-988572150-500
Primary Group SID:    S-1-5-21-2140563141-904681572-988572150-512
Full Name:            SAMBA Root Account

[root at credo samba]# net groupmap list
Domain Users (S-1-5-21-2140563141-904681572-988572150-513) -> userjkt
Domain Computers (S-1-5-21-2140563141-904681572-988572150-515) -> wsjkt
Domain Guests (S-1-5-21-2140563141-904681572-988572150-514) -> guestjkt
Domain Admins (S-1-5-21-2140563141-904681572-988572150-512) -> root



More information about the samba mailing list