[Samba] No Admin-Rights in SMB-PDC-Domain

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed Sep 23 04:39:29 MDT 2009

On Wed, Sep 23, 2009 at 12:33:24PM +0200, Daniel Spannbauer wrote:
> Hmmm, when I log in on the Workstation as Administrator (which is mapped  
> to User root) then I get a Groupsid which ends to 513, so I get as  
> Administrator the Rights of the normals Domain USer. But in LDAP the  
> PrimaryGroupSid for root is set to 512 (DomainAdmins).
> In the Group-Entry for the Group of the DomainAdmins root is also in  
> MemberUID.
> Can anybody tell me why the PrimaryGropSid isn't used by samba?

Samba uses the gidNumber of the account and maps it via the
group mapping entries to a SID. We only have the
primaryGroupSid still in our schema because removing it
would have made upgrades almost impossible.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20090923/fc0815a7/attachment.pgp>

More information about the samba mailing list