[Samba] Domain Admins can't modify ldapsam entries
Gerald (Jerry) Carter
jerry at samba.org
Wed Oct 19 11:20:01 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Eric A. Hall wrote:
| On 10/18/2005 9:26 AM, Gerald (Jerry) Carter wrote:
|> -----BEGIN PGP SIGNED MESSAGE-----
|> Hash: SHA1
|>
|> Günter Gersdorf wrote:
|>
|> | Domain Admins are not allowed to modify the ldapsam
|> | database via usrmgr.
|> | lib/smbldap.c: smbldap_open: cannot access LDAP when not root..
|> |
|> | Is this by design?
|>
|> Yes. It is by design. You have to assign the
|> SeAddUsersPrivilege to the Domain Admins group.
|
| Where are the privs stored nowadays? I found lots of references to
| privilege[s].tdb but nothing like that seems to exist anywhere.
account_pol.tdb
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDVivhIR7qMdg1EfYRAkXGAKCEY2GIWFv9PVeJFVibdbEQhiF2gACgzOUZ
tvPaLcmdeltTlZuNdqzXbhM=
=CHd2
-----END PGP SIGNATURE-----
More information about the samba
mailing list