[Samba] Domain Admins can't modify ldapsam entries

Eric A. Hall ehall at ehsco.com
Wed Oct 19 04:05:55 GMT 2005

On 10/18/2005 9:26 AM, Gerald (Jerry) Carter wrote:
> Hash: SHA1
> Günter Gersdorf wrote:
> | Domain Admins are not allowed to modify the ldapsam
> | database via usrmgr.
> |   lib/smbldap.c: smbldap_open: cannot access LDAP when not root..
> |
> | Is this by design?
> Yes.  It is by design.  You have to assign the
> SeAddUsersPrivilege  to the Domain Admins group.

Where are the privs stored nowadays? I found lots of references to
privilege[s].tdb but nothing like that seems to exist anywhere.

Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/

More information about the samba mailing list