[Samba] How Is Administrator Treated?
uzanatta at provincia.treviso.it
Thu May 20 12:20:00 GMT 2004
What do it mens?
I've the same problem; smbldap-tools made sambaSid for Administrator
I have to change it to 500?
I have root acccount in passwd file and Administrator account in ldap
uid=0; does it a misunderstand?
Il gio, 2004-05-20 alle 14:05, John H Terpstra ha scritto:
> On the UNIX system addition/change of user accounts requires UID=0. If you want your Administrator to be able
> to manage user accounts UID=0 is a must. Also, the RID for Administrator must be 500 for the account to have
> admin privileges in Windows.
> If you are using and LDAP backend it is imperative that all UIDs and RIDs must be unambiguous. So if you have a
> root account and an Administrator account - you have introduced ambiguity. It is best to use the 'root' account
> in place of the NT Administrator. Just make sure that the RID for the root account is 500.
> - John T.
> John H Terpstra
> email: jht at samba.org
> > -------- Original Message --------
> > Subject: [Samba] How Is Administrator Treated?
> > From: "Les Bell" <lesbell at lesbell.com.au>
> > Date: Wed, May 19, 2004 9:34 pm
> > To: samba at lists.samba.org
> > I have a couple of Samba 2.2 servers, in different locations, configured
> > as
> > NT Domain Controllers, but I'm experiencing some problems with logging
> > on
> > to the domains as Administrator in order to perform some
> > administration
> > tasks, such as configuring antivirus software on workstations. I won't
> > go
> > into the details here; I think the basic problem is my lack of
> > understanding of how the Administrator account is treated. Ordinary
> > user
> > accounts work fine as far as I can see, but then, ordinary users
> > shouldn't
> > be able to do a bunch of things, anyway.
> > First: I created an Administrator account in Linux, and it wound up
> > (here)
> > with a UID/GID of 604. That's just an ordinary user ID, so what makes
> > it
> > special as far as the domain is concerned? Should the Administrator
> > account
> > have a UID/GID of 0? If I try to run USRMGR.EXE or SRVMGR.EXE I can
> > see
> > things, but can't change them ("Access is denied").
> > Second, what about Windows SID's? Administrator should be
> > S-1-5-domain-500;
> > but if I log on as Administrator at an NT or Win2K workstation and look
> > in
> > the registry, I can't see that SID in HKEY_USERS. How is this set up in
> > the
> > Adminstrator account profile (roaming profiles are in use)?
> > I'm pretty sure that once I "grok" this stuff all the other minor
> > system
> > management problems will fall into place. Thanks in advance for any
> > responses.
> > Best,
> > --- Les Bell, RHCE, CISSP
> > [http://www.lesbell.com.au]
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: http://lists.samba.org/mailman/listinfo/samba
tel: +39 (335) 54 71 385
email: umberto.z at tin.it
More information about the samba