[Samba] Domain Admins can't modify ldapsam entries
craigwhite at azapple.com
Wed Oct 19 04:25:45 GMT 2005
On Wed, 2005-10-19 at 00:05 -0400, Eric A. Hall wrote:
> On 10/18/2005 9:26 AM, Gerald (Jerry) Carter wrote:
> > Günter Gersdorf wrote:
> > | Domain Admins are not allowed to modify the ldapsam
> > | database via usrmgr.
> > | lib/smbldap.c: smbldap_open: cannot access LDAP when not root..
> > |
> > | Is this by design?
> > Yes. It is by design. You have to assign the
> > SeAddUsersPrivilege to the Domain Admins group.
> Where are the privs stored nowadays? I found lots of references to
> privilege[s].tdb but nothing like that seems to exist anywhere.

On my systems, tdb's are stored in /var/cache/samba (RHEL).

If slocate is current, you should be able to find it easily enough...
If slocate is not current, execute 'updatedb' first.

The SeAddUsersPrivilege was added somewhere around 3.0.14 - it depends upon
which version of Samba you are using as to whether the command is available.