[Samba] Allowing Domain Admins root access

Phil Marsden phil at softwire.co.uk
Mon Sep 25 16:31:11 GMT 2006


We have a Windows Domain and a few Linux boxes on which we have installed Samba and set them up so people can log in using their
windows domain logins using winbind etc.

All is working fine EXCPECT for the group memberships.

I have a windows user who is a member of the "Domain Admins" group and I want them to have root privilegdes on the UNIX box.

I added a group mapping using the command net groupmap add ntgroup="Domain Admins" unixgroup=root type=d but that just added another
group called "Domain admins" which could be seen by running

[root at xxx ~]# net groupmap list | grep Domain 
Domain Users (S-1-5-21-2057633969-1929386834-1244778803-513) -> -1 
Domain Admins (S-1-5-21-2057633969-1929386834-1244778803-1001) -> root 
Domain Admins (S-1-5-21-2057633969-1929386834-1244778803-512) -> -1 
Domain Guests (S-1-5-21-2057633969-1929386834-1244778803-514) -> -1

so I tried
net groupmap set "Domain Admins" "root" -D which was better and gave the output 
Domain Users (S-1-5-21-2057633969-1929386834-1244778803-513) -> -1 
Domain Admins (S-1-5-21-2057633969-1929386834-1244778803-512) -> root 
Domain Guests (S-1-5-21-2057633969-1929386834-1244778803-514) -> -1

But any users that are in the "Domain Admins" group do not get root prviledges when logging into the unix box

Is what I am doing supported i.e. is that what group mappings are for?


More information about the samba mailing list