[Samba] Add Hosts as Domain Admin

Paul Gienger pgienger at ae-solutions.com
Mon May 10 12:58:29 GMT 2004

As an alternative, if you set up a UNIX user 'Administrator' group and 
have them properly configured for your domain you can give THAT out with 
a different password.  Give them a UID of 0 and an invalid shell and you 
should be good.  Of course there are a fair amount of holes that the 
user could jump through with that, but at least you're not entirely 
giving out 'root' on the server.

If you are using LDAP and the idealx scripts this is set up for you with 
the populate script.  Otherwise, make sure the SID of the user is <your 
domain SID>-512 for them to be a proper administrator as far as windows 
is concerned. 

Tilo Lutz wrote:

>I found a patch for Samba 3.0.2 allowing to add hosts as
>member of the domain admin group.
>Has anybody seen a patch for Samba 3.0.3? It took a look at
>srv_samr_nt.c but I don't think the old patch will fit.
>Why doesn't samba allow domain admins to add hosts to a
>I don't want to give the root password to everyone who should
>be able to add hosts.
>Why I have to be root when adding hosts? Even beeing member of
>group root should be enough.

Paul Gienger                     Office:		701-281-1884
Applied Engineering Inc.         Cell:			701-306-6254
Information Systems Consultant   Fax:			701-281-1322
URL: www.ae-solutions.com        mailto:pgienger at ae-solutions.com

More information about the samba mailing list