[Samba] Domain Admins can't modify ldapsam entries
Eric A. Hall
ehall at ehsco.com
Wed Oct 19 04:05:55 GMT 2005
On 10/18/2005 9:26 AM, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Günter Gersdorf wrote:
>
> | Domain Admins are not allowed to modify the ldapsam
> | database via usrmgr.
> | lib/smbldap.c: smbldap_open: cannot access LDAP when not root..
> |
> | Is this by design?
>
> Yes. It is by design. You have to assign the
> SeAddUsersPrivilege to the Domain Admins group.
Where are the privs stored nowadays? I found lots of references to
privilege[s].tdb but nothing like that seems to exist anywhere.
--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
More information about the samba
mailing list