[Samba] Samba 3 - domain admins (not root)?
Gémes Géza
geza at kzsdabas.sulinet.hu
Mon Mar 8 18:25:32 GMT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jonathan Baker-Bates TMS írta:
| I'm trying to work out how I can create domain administrators with
Samba 3.
|
| I currently have the following in smb.conf
|
| domain admin group = @smbadmins
| domain admin users = root jbb
You are wrong in Samba3 there is a complete group mapping posibility,
not just the possibility of mapping domain admins, like in 2.2.x.
So:
first) Remove that two lines from your smb.conf
second) Depending on your passdb backend, there could be two cases:
A) passdb backend = smbpasswd (default, if not specified) or tdbsam. In
this case samba populates its database with all the entries found on a
Windows DC, you could see them with net groupmap list. You can (you need
to do) modify this default group mappings with net groupmap modify
ntgroup=... unixgroup=...
B) passdb backend =ldapsam you need to add all the groupmaping by hand
with net groupmap add sid=... unixgroup=... Remember: Domain Admins
SID=Domain SID-512 Domain Users SID=Domain SID-513 Domain Guests
SID=Domain SID-514
Good Luck, and have a pleasant experience with Samba3, it is realy a big
improvment since the 2.2 line, in many areas.
Geza
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFATLqc/PxuIn+i1pIRAshHAKCR9xQtFdn3+PyfXiBaHLLak6wJmQCfWImc
TKYVaWx/XRzTHkgCw+lCJoY=
=u8n0
-----END PGP SIGNATURE-----
More information about the samba
mailing list