[Samba] SAMBA+LDAP-How to promote Administrator with all priviliges?

adrian sender adrian_au1 at hotmail.com
Thu Oct 11 13:24:39 GMT 2007


This may be what you are looking for..

net rpc rights                to manage privileges assigned to SIDs

http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#id364647

root#  net rpc rights list -U root%not24get
     SeMachineAccountPrivilege  Add machines to domain
      SePrintOperatorPrivilege  Manage printers
           SeAddUsersPrivilege  Add users and groups to the domain
     SeRemoteShutdownPrivilege  Force shutdown from a remote system
       SeDiskOperatorPrivilege  Manage disk shares
             SeBackupPrivilege  Back up files and directories
            SeRestorePrivilege  Restore files and directories
      SeTakeOwnershipPrivilege  Take ownership of files or other objects

All in the docs.

Adrian Sender



>> 
> email message attachment
>> -------- Forwarded Message --------
>> From: Torsten 
>> To: samba at lists.samba.org
>> Subject: [Samba] SAMBA+LDAP-How to promote Administrator with all
>> priviliges?
>> Date: Thu, 11 Oct 2007 11:15:59 +0200
>> 
>> Hi,
>> 
>> I have setup samba+ldap an almost everything went well, accept the fact, 
>> that there was no administrative account from the beginning. So I just 
>> created one using smbldap-useradd.
>> 
>> samba-pdc:~# /usr/sbin/smbldap-usershow administrator
>> dn: uid=administrator,ou=Users,dc=rhhu,dc=local
>> objectClass: 
>> top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount
>> cn: administrator
>> sn: administrator
>> givenName: administrator
>> uid: administrator
>> uidNumber: 1004
>> gidNumber: 513
>> homeDirectory: /home/administrator
>> loginShell: /bin/bash
>> gecos: System User
>> sambaLogonTime: 0
>> sambaLogoffTime: 2147483647
>> sambaKickoffTime: 2147483647
>> sambaPwdCanChange: 0
>> sambaSID: S-1-5-21-55810726-2383910042-1397420801-3008
>> sambaPrimaryGroupSID: S-1-5-21-55810726-2383910042-1397420801-513
>> sambaLogonScript: logon.bat
>> sambaHomeDrive: Z:
>> sambaLMPassword: 79A0A158A100C04D902139606B6D16B5
>> sambaAcctFlags: [U]
>> sambaNTPassword: 6261BD5C725F9795FC7E84DA0350FA29
>> sambaPwdLastSet: 1187341118
>> sambaPwdMustChange: 1191229118
>> userPassword: {MD5}0/ECsVoPmE2fvVgfBQguZg==
>> 
>> samba-pdc:~# /usr/sbin/smbldap-groupshow "Domain Admins"
>> dn: cn=Domain Admins,ou=Groups,dc=rhhu,dc=local
>> objectClass: top,posixGroup,sambaGroupMapping
>> gidNumber: 512
>> cn: Domain Admins
>> memberUid: root,Administrator
>> description: Netbios Domain Administrators
>> sambaSID: S-1-5-21-55810726-2383910042-1397420801-512
>> sambaGroupType: 2
>> displayName: Domain Admins
>> 
>> So, administrator is member of Domain Admins. I suppose the problem lies 
>> within the primary group membership of that account, but I have no clue 
>> how to change the sid.
>> 
>> What would be a practicable solution? Thanks.
>> 
>> Regards, Torsten
>> 

_________________________________________________________________
Your Future Starts Here. Dream it? Then be it! Find it at www.seek.com.au
http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fninemsn%2Eseek%2Ecom%2Eau%2F%3Ftracking%3Dsk%3Ahet%3Ask%3Anine%3A0%3Ahot%3Atext&_t=764565661&_r=OCT07_endtext_Future&_m=EXT


More information about the samba mailing list