[Samba] Domain Admins can't modify ldapsam entries

John H Terpstra jht at samba.org
Wed Oct 19 04:30:42 GMT 2005


On Tuesday 18 October 2005 22:05, Eric A. Hall wrote:
> On 10/18/2005 9:26 AM, Gerald (Jerry) Carter wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Günter Gersdorf wrote:
> > | Domain Admins are not allowed to modify the ldapsam
> > | database via usrmgr.
> > |   lib/smbldap.c: smbldap_open: cannot access LDAP when not root..
> > |
> > | Is this by design?
> >
> > Yes.  It is by design.  You have to assign the
> > SeAddUsersPrivilege  to the Domain Admins group.
>
> Where are the privs stored nowadays? I found lots of references to
> privilege[s].tdb but nothing like that seems to exist anywhere.

account_policy.tdb

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971
Other books in production.


More information about the samba mailing list