[Samba] problem with administrator accounts

Edward Luck ed.luck at gmail.com
Thu Jan 12 10:16:56 GMT 2006

---------- Forwarded message ----------
From: Edward Luck <ed.luck at gmail.com>
Date: Jan 12, 2006 7:06 PM
Subject: Re: [Samba] problem with administrator accounts
To: "Chris St. Pierre" <stpierre at nebrwesleyan.edu>

You need to map your Domain Admins group to a Linux group which the
root user is a member of.

Here's a couple of things I have noticed:

1. User account "root" always gets a RID of 1000, not 500.  So, there
is effectively no "Administrator" user account.
2. You need to map the group "Domain Admins" to a unix group
(preferrably named "ntadmins", which root is a member of.

With the above settings, I was able to add machines to the domain as
the user "root".

Remember that the User RID of "500" in Windows has special privileges
- much like any account in UNIX with a userID of "0" is considered the
superuser.  Because there is no account in Samba which has a RID of
500, you need to assign Administrator privileges based on group
membership - Domain Admins to be precise.

On 1/12/06, Chris St. Pierre <stpierre at nebrwesleyan.edu> wrote:
> I have a small domain with a Samba PDB and two Windows clients.  My
> goal is to have all accounts held centrally on the Linux box, but the
> administrator login doesn't work as an administrator.
> That is, I can login just fine as 'administrator' (or as any of the
> other accounts in the Samba password db), but I don't get
> administrative privileges in Windows.
> In smb.conf, I have:
> admin users = root
> username map = /etc/samba/smbusers
> In smbusers, I have:
> root = administrator
> The username mapping appears to occur, but 'administrator' (now
> 'root') does not receive admin privileges in Windows.  (This leads to
> quite a bind, because I can't login as administrator to take the
> computer out of the domain and add a local administrator account.)
> Any ideas?  Thanks!
> Chris St. Pierre
> Unix Systems Administrator
> Nebraska Wesleyan University
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

Keep flying, and stay shiny.

Keep flying, and stay shiny.

More information about the samba mailing list