[Samba] No Admin-Rights in SMB-PDC-Domain
Daniel Spannbauer
ds at marco.de
Wed Sep 23 04:45:22 MDT 2009
Volker Lendecke schrieb:
> On Wed, Sep 23, 2009 at 12:33:24PM +0200, Daniel Spannbauer wrote:
>> Hmmm, when I log in on the Workstation as Administrator (which is mapped
>> to User root) then I get a Groupsid which ends to 513, so I get as
>> Administrator the Rights of the normals Domain USer. But in LDAP the
>> PrimaryGroupSid for root is set to 512 (DomainAdmins).
>> In the Group-Entry for the Group of the DomainAdmins root is also in
>> MemberUID.
>>
>> Can anybody tell me why the PrimaryGropSid isn't used by samba?
>
> Samba uses the gidNumber of the account and maps it via the
> group mapping entries to a SID. We only have the
> primaryGroupSid still in our schema because removing it
> would have made upgrades almost impossible.
>
Hello Volker,
that means if the user Root has an Entry "primaryGroupSID" with the sid
512 then the User should have Admin-Rights because hes in the
Domain-Admin-Group?
Regards
Daniel
> Volker
--
Daniel Spannbauer Software Entwicklung
marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-27 Fax -11
Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 4033220
http://www.marco.de/ Email ds at marco.de
Geschäftsführer Martin Reuter HRB 171775 Amtsgericht München
More information about the samba
mailing list