[Samba] Clarification of 'administrator' config w/ldap

[Frank Gruman]

On Mon, 2009-04-20 at 00:03 -0400, jeff sacksteder wrote:

> As you say, I see 'root = administrator' in smbuser, but I am still
> unable to authenticate as administrator. During the authentication
> attempt the following log entry is recorded-
> 
> check_ntlm_password:  Authentication for user [administrator] ->
> [administrator] FAILED with error NT_STATUS_NO_SUCH_USER
> 
>  I believe that I need to use make an entry with pdbedit linking the
> domain admin sid to root.
> However, trying that produces-
> 
> smbldap_search_domain_info: Searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=MYDOMAIN))]
> smbldap_open_connection: connection opened
> Username not found!
> 
> So what more do I need to add?
> 
> On Sat, Apr 4, 2009 at 10:15 AM, Adam Williams
> <awilliam at mdah.state.ms.us> wrote:
> > root is mapped to windows Administrator account in /etc/samba/smbusers.
> >  however, since samba 3.0.11 you can make anyone a domain administrator (to
> > add machine accounts, install software, etc) see
> > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html for
> > more info.
> >
> > jeff sacksteder wrote:
> >>
> >> I have a mostly working config with the ldap backend, at least from
> >> the standpoint of standard domain users, but I'm not sure how my
> >> Administrator user needs to be configured. The os 'root' user is in
> >> /etc/passwd and all my normal users are in the directory for unified
> >> login purposes. Is the domain 'Administrator' account supposed to
> >> correspond to 'root' in the os, 'Manager' in the directory, or a just
> >> a privileged user in the directory?
> >>
> >


Depending upon your setup, you may need to add an additional entry into
smbusers that includes the domain name (e.g. root = administrator
DOMAIN_NAME\administrator ANOTHER_DOMAIN_NAME\some_guy)

Regards,
Frank