[Samba] problem with administrator accounts

Edward Luck ed.luck at gmail.com
Thu Jan 12 10:17:05 GMT 2006


---------- Forwarded message ----------
From: Edward Luck <ed.luck at gmail.com>
Date: Jan 12, 2006 7:10 PM
Subject: Re: [Samba] problem with administrator accounts
To: "Chris St. Pierre" <stpierre at nebrwesleyan.edu>


One other thing about Administrator access.  If you try and force a
RID of 500 to the user "root" you get tdb database errors.  It
basically doesn't work as expected.

On 1/12/06, Edward Luck <ed.luck at gmail.com> wrote:
> You need to map your Domain Admins group to a Linux group which the
> root user is a member of.
>
> Here's a couple of things I have noticed:
>
> 1. User account "root" always gets a RID of 1000, not 500.  So, there
> is effectively no "Administrator" user account.
> 2. You need to map the group "Domain Admins" to a unix group
> (preferably named "ntadmins"), which root is a member of.
>
> With the above settings, I was able to add machines to the domain as
> the user "root".
>
> Remember that the User RID of "500" in Windows has special privileges
> - much like any account in UNIX with a userID of "0" is considered the
> superuser.  Because there is no account in Samba which has a RID of
> 500, you need to assign Administrator privileges based on group
> membership - Domain Admins to be precise.
>
> On 1/12/06, Chris St. Pierre <stpierre at nebrwesleyan.edu> wrote:
> > I have a small domain with a Samba PDB and two Windows clients.  My
> > goal is to have all accounts held centrally on the Linux box, but the
> > administrator login doesn't work as an administrator.
> >
> > That is, I can login just fine as 'administrator' (or as any of the
> > other accounts in the Samba password db), but I don't get
> > administrative privileges in Windows.
> >
> > In smb.conf, I have:
> >
> > admin users = root
> > username map = /etc/samba/smbusers
> >
> > In smbusers, I have:
> >
> > root = administrator
> >
> > The username mapping appears to occur, but 'administrator' (now
> > 'root') does not receive admin privileges in Windows.  (This leads to
> > quite a bind, because I can't login as administrator to take the
> > computer out of the domain and add a local administrator account.)
> >
> > Any ideas?  Thanks!
> >
> > Chris St. Pierre
> > Unix Systems Administrator
> > Nebraska Wesleyan University
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
>
>
> --
> Keep flying, and stay shiny.
>


--
Keep flying, and stay shiny.

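The setup described in this thread (Domain Admins mapped to a Unix group that root belongs to) can be checked offline with the sketch below, an added example that is not part of the original messages. It assumes the `Name (SID) -> unixgroup` line format printed by `net groupmap list` and the standard `/etc/group` layout; the function names and the sample data are constructed for illustration.

```python
import re

DOMAIN_ADMINS_RID = 512  # well-known RID of the Domain Admins group

# Constructed sample of `net groupmap list` output (the domain SID is made up).
SAMPLE_GROUPMAP = """\
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> users
Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> ntadmins
"""

# Constructed sample of /etc/group.
SAMPLE_ETC_GROUP = """\
root:x:0:
users:x:100:alice,bob
ntadmins:x:1001:root,alice
"""

MAP_LINE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-[\d-]+)\) -> (?P<unix>\S+)$")

def mapped_unix_group(groupmap_text, rid=DOMAIN_ADMINS_RID):
    """Return the Unix group mapped to the domain group with this RID, or None."""
    for line in groupmap_text.splitlines():
        m = MAP_LINE.match(line.strip())
        if m and m.group("sid").rsplit("-", 1)[1] == str(rid):
            return m.group("unix")
    return None

def group_members(etc_group_text, name):
    """Return the members listed for a Unix group (primary-group
    membership from /etc/passwd is not considered), or None if absent."""
    for line in etc_group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == name:
            return [u for u in fields[3].split(",") if u]
    return None

def check_admin_mapping(groupmap_text, etc_group_text, user="root"):
    """Return (ok, reason) for 'Domain Admins -> Unix group containing user'."""
    unix = mapped_unix_group(groupmap_text)
    if unix is None:
        return False, "Domain Admins (RID 512) is not mapped to any Unix group"
    members = group_members(etc_group_text, unix)
    if members is None:
        return False, f"mapped Unix group {unix!r} does not exist"
    if user not in members:
        return False, f"{user!r} is not a member of {unix!r}"
    return True, f"{user!r} is in {unix!r}, which is mapped to Domain Admins"

if __name__ == "__main__":
    print(check_admin_mapping(SAMPLE_GROUPMAP, SAMPLE_ETC_GROUP))
```

Every account listed in the mapped group is treated as a Domain Admin, so the output of `group_members` is also the list to review when auditing who holds that privilege.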

