[Samba] No Admin-Rights in SMB-PDC-Domain
Volker Lendecke
Volker.Lendecke at SerNet.DE
Wed Sep 23 04:39:29 MDT 2009
On Wed, Sep 23, 2009 at 12:33:24PM +0200, Daniel Spannbauer wrote:
> Hmmm, when I log in on the Workstation as Administrator (which is mapped
> to User root) then I get a Groupsid which ends to 513, so I get as
> Administrator the Rights of the normals Domain USer. But in LDAP the
> PrimaryGroupSid for root is set to 512 (DomainAdmins).
> In the Group-Entry for the Group of the DomainAdmins root is also in
> MemberUID.
>
> Can anybody tell me why the PrimaryGropSid isn't used by samba?
Samba uses the gidNumber of the account and maps it via the
group mapping entries to a SID. We only have the
primaryGroupSid still in our schema because removing it
would have made upgrades almost impossible.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20090923/fc0815a7/attachment.pgp>
More information about the samba
mailing list