[Samba] No Admin-Rights in SMB-PDC-Domain

Daniel Spannbauer ds at marco.de
Wed Sep 23 04:45:22 MDT 2009

Volker Lendecke schrieb:
> On Wed, Sep 23, 2009 at 12:33:24PM +0200, Daniel Spannbauer wrote:
>> Hmmm, when I log in on the Workstation as Administrator (which is mapped  
>> to User root) then I get a Groupsid which ends to 513, so I get as  
>> Administrator the Rights of the normals Domain USer. But in LDAP the  
>> PrimaryGroupSid for root is set to 512 (DomainAdmins).
>> In the Group-Entry for the Group of the DomainAdmins root is also in  
>> MemberUID.
>> Can anybody tell me why the PrimaryGropSid isn't used by samba?
> Samba uses the gidNumber of the account and maps it via the
> group mapping entries to a SID. We only have the
> primaryGroupSid still in our schema because removing it
> would have made upgrades almost impossible.

Hello Volker,

that means if the user Root has an Entry "primaryGroupSID" with the sid 
512 then the User should have Admin-Rights because hes in the 



> Volker

Daniel Spannbauer                         Software Entwicklung
marco Systemanalyse und Entwicklung GmbH  Tel   +49 8333 9233-27 Fax -11
Rechbergstr. 4 - 6, D 87727 Babenhausen   Mobil +49 171 4033220
http://www.marco.de/                      Email ds at marco.de
Geschäftsführer Martin Reuter             HRB 171775 Amtsgericht München

More information about the samba mailing list