[Samba] Re: Samba Domain Administrator
Jim C.
jcllings at gmail.com
Tue May 24 19:37:34 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> net groupmap modify ntgroup="Domain Admins" unixgroup=root
> This should enable the users in the "root" group to be considered as
> domain admins by workstations, thus enabling the user "root" to be an
> administrator of all windows workstations.
> If you like, you can create a group like "ntadmins" and set that group to
> be Domain Admins instead of "root", then you can add users to this group
> (I suggest to add also root to this group) so that "normal" users (that do
> not have the root password on your Linux server) can still manage the
> windows workstations.
Whoa... I wonder why this doesn't work for me? Perhaps because I'm
using an LDAP backend? Something is hosed somewhere and I never even
realized it?
[root at enigma 0 root]$ net groupmap list | grep 'Domain Admins'
Domain Admins (S-1-5-21-2147030705-2499090161-3119200592-512) -> Domain
Admins
[root at enigma 0 root]$ getent group 'Domain Admins'
Domain Admins:x:512:ldap,clamav,root
[root at enigma 0 root]$ getent passwd | grep root
root:x:0:0:root:/root:/bin/bash
root:xxxxxxxxxxxxxxxxxxxxx:0:512:Netbios Domain
Administrator:/mnt/home/root:/bin/bash
[root at enigma 0 root]$ getent group adm
adm:x:4:ldap
Jim C.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCk4J9B4AhF6wVFMERApjPAJ90KJLWY3FfPPnG4cCDmMrLVVAzywCg/yy9
W0GRkZGDpFBNxEVTYB0XqWE=
=V3Tk
-----END PGP SIGNATURE-----
More information about the samba
mailing list