[Samba] How Is Administrator Treated?

Umberto Zanatta uzanatta at provincia.treviso.it
Thu May 20 12:20:00 GMT 2004


What do it mens?

I've the same problem; smbldap-tools made sambaSid for Administrator
like:

 S-1-5-21-xxxxx-2996

I have to change it to 500?

I have root acccount in passwd file and Administrator account in ldap
tree with
uid=0; does it a misunderstand?

regards;


Il gio, 2004-05-20 alle 14:05, John H Terpstra ha scritto:

> Les,
> 
> On the UNIX system addition/change of user accounts requires UID=0. If you want your Administrator to be able
> to manage user accounts UID=0 is a must. Also, the RID for Administrator must be 500 for the account to have
> admin privileges in Windows.
> 
> If you are using and LDAP backend it is imperative that all UIDs and RIDs must be unambiguous. So if you have a
> root account and an Administrator account - you have introduced ambiguity. It is best to use the 'root' account
> in place of the NT Administrator. Just make sure that the RID for the root account is 500.
> 
> - John T.
> ---
> John H Terpstra
> Samba-Team
> email: jht at samba.org
> 
> 
> > -------- Original Message --------
> > Subject: [Samba] How Is Administrator Treated?
> > From: "Les Bell" <lesbell at lesbell.com.au>
> > Date: Wed, May 19, 2004 9:34 pm
> > To: samba at lists.samba.org
> >
> > I have a couple of Samba 2.2 servers, in different locations, configured
> > as
> > NT Domain Controllers, but I'm experiencing some problems with logging
> > on
> > to the domains as Administrator in order to perform some
> > administration
> > tasks, such as configuring antivirus software on workstations. I won't
> > go
> > into the details here; I think the basic problem is my lack of
> > understanding of how the Administrator account is treated. Ordinary
> > user
> > accounts work fine as far as I can see, but then, ordinary users
> > shouldn't
> > be able to do a bunch of things, anyway.
> >
> > First: I created an Administrator account in Linux, and it wound up
> > (here)
> > with a UID/GID of 604. That's just an ordinary user ID, so what makes
> > it
> > special as far as the domain is concerned? Should the Administrator
> > account
> > have a UID/GID of 0? If I try to run USRMGR.EXE or SRVMGR.EXE I can
> > see
> > things, but can't change them ("Access is denied").
> >
> > Second, what about Windows SID's? Administrator should be
> > S-1-5-domain-500;
> > but if I log on as Administrator at an NT or Win2K workstation and look
> > in
> > the registry, I can't see that SID in HKEY_USERS. How is this set up in
> > the
> > Adminstrator account profile (roaming profiles are in use)?
> >
> > I'm pretty sure that once I "grok" this stuff all the other minor
> > system
> > management problems will fall into place. Thanks in advance for any
> > responses.
> >
> > Best,
> >
> > --- Les Bell, RHCE, CISSP
> > [http://www.lesbell.com.au]
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba

_______________________
Umberto Zanatta
linuxDidattica

tel: +39 (335) 54 71 385
email: umberto.z at tin.it
web: http://linuxdidattica.org
_______________________


More information about the samba mailing list