[Samba] Adminstrator Domain SID?

John H Terpstra jht at samba.org
Wed Mar 30 05:04:19 GMT 2005

On Tuesday 29 March 2005 21:57, Doug Campbell wrote:
> In the Samba How-To Chapter 13 it says:
> "
> The Administrator Domain SID
> Please note that when configured as a DC, it is now required that an
> account in the server's passdb backend be set to the domain SID of the
> default Administrator account. To obtain the domain SID on a Samba DC, run
> the following command:
> root#  net getlocalsid
> SID for domain FOO is: S-1-5-21-4294955119-3368514841-2087710299
> You may assign the Domain Administrator rid to an account using the pdbedit
> command as shown here:
> root#  pdbedit -U S-1-5-21-4294955119-3368514841-2087710299-500 -u root -r
> "
> Question:  Is this information still valid after samba 3.0.11?  I didn't do
> this but things seem to be working fine.  If the information is still
> valid, what would not having it affect?

Yes, it is!

OK. But what is the name of your administrator account? What is the SID for 
this account?

You do realize, I hope, that the RID=500 means the account is the 
Administrator for Windows clients. Any other RID will be seen by the Windows 
workstation (client) as an account other than the real Administrator.

What more must we do to clarify the wording so that everyone clearly gets the 
message? What is not clear in the documentation?

Have fun. :)

John T.

> BTW, I am using the ldapsam backend.
> Thanks!
> Doug

John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.

More information about the samba mailing list