[Samba] Add Hosts as Domain Admin

Tilo Lutz TiloLutz at gmx.de
Mon May 10 18:44:47 GMT 2004

> As an alternative, if you set up a UNIX user 'Administrator' group and 
> have them properly configured for your domain you can give THAT out with 
> a different password.  Give them a UID of 0 and an invalid shell and you 
> should be good.  Of course there are a fair amount of holes that the 
> user could jump through with that, but at least you're not entirely 
> giving out 'root' on the server.
> If you are using LDAP and the idealx scripts this is set up for you with 
> the populate script.  Otherwise, make sure the SID of the user is <your 
> domain SID>-512 for them to be a proper administrator as far as windows 
> is concerned. 
> Tilo Lutz wrote:
> >Hi
> >
> >I found a patch for Samba 3.0.2 allowing to add hosts as
> >member of the domain admin group.
> >(http://marc.theaimsgroup.com/?l=samba&m=107938779530259&w=2)
> >
> >Has anybody seen a patch for Samba 3.0.3? It took a look at
> >srv_samr_nt.c but I don't think the old patch will fit.
> >
> >Why doesn't samba allow domain admins to add hosts to a
> >domain?
> >I don't want to give the root password to everyone who should
> >be able to add hosts.
> >Why I have to be root when adding hosts? Even beeing member of
> >group root should be enough.
> >
> >Tilo
> >
> >  
> >
> -- 
> Paul Gienger                     Office:		701-281-1884
> Applied Engineering Inc.         Cell:			701-306-6254
> Information Systems Consultant   Fax:			701-281-1322
> URL: www.ae-solutions.com        mailto:pgienger at ae-solutions.com

More information about the samba mailing list