[Samba] UID of the windows Domain Administrator user?
Fabio Muzzi
liste at kurgan.org
Sat Jun 4 11:07:14 GMT 2005
I have installed lots of samba 3 servers as PDCs for little networks
serving 10 users or so. I have always set up the user "root" as the domain
administrator, by setting its group SID to <domainSID>-512 with pdbedit.
My "root" user has usually a user SID of <domainSID>-1000 since it is the
first user I add to Samba. I have never set up a username map to map
"administrator" to "root", I use "root" directly also on Windows boxes
when I need to connect as the domain admin (to add workstations to the
domain, for example) and I have never had issues. I have no
user named "administrator" on the domain.
Now I have read in the HOWTO collection that I should set the user SID to
<domainSID>-500 for the "administrator" user since this is a predefined
default SID. I have found that a NT server uses 500 indeed for its
"Administrator" user.
First, I'd like to understand why do I need an user with the "500" SID,
since I have never had one and still it seems that my "root" user is
working.
Second, I'd like to know what will happen if I changhe the SID of root
from "1000" to "500", now that my workstations already know the user
"root" by its old SID. I suppose that generally is definitely NOT a good
idea to change a user's SID, because this would make his files on his
workstations owned by someone else. Am I right?
--
Fabio "Kurgan" Muzzi
More information about the samba
mailing list