[Samba] UID of the windows Domain Administrator user?
Stéphane Purnelle
stephane.purnelle at tiscali.be
Sat Jun 4 14:27:06 GMT 2005
Fabio Muzzi a écrit :
>Hello Stéphane,
>
>Saturday, June 4, 2005, 2:02:28 PM, you wrote:
>
>
>
>
>SP> For joining a machine to domain, you must have a user with uid = 0.
>SP> But, begin with samba 3.0.11, the privileges can be used for use a other
>SP> user than root (uid = 0)
>SP> You can read more information in this pages :
>SP> http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html
>
>Yes, i have read this even if i have not yet tried it.
>
>What I have not understood is why do I *need* an user with a SID ending in
>500 (as the howto says), because I have never had one, and I had no
>problems at all. The howto says I need one, but id does not say why, and
>what happens id I don't have one.
>
>
>
I suppose can be cause problem in AD mode or with some communication
with windows server.
>SP> The "root" user is only used for that, but after joining a domain,
>SP> changing the SID cause no problem.
>
>You say that I can change the SID of a domain user and the clients will not get
>confused by this change?
>
>
>
sorry, I changed the SID to 500 for my administrator account, not for
"root" user.
I cannot says if changing root account can make some problem.
>SP> Actually, on my network I not enabled privileges (in my test network :
>SP> yes and that work). But, I use root user only for adding machine to
>SP> domain, for the rest of administration, I have a administrator user
>SP> with SID = S-1-5-21-xxxxxx-xxxx-xxxx-500 and groupSID =
>SP> S-1-5-21-xxxxxx-xxxxx-xxxxx-512
>
>
>Well, this seems to be a good idea anyway.
>
>
>
>
--
Stéphane Purnelle <stephane.purnelle at tiscali.be>
Site Web : http://www.linuxplusvalue.be
More information about the samba
mailing list