[Samba] Root Access forWindows Domain Admins
Miguel Medalha
miguelmedalha at sapo.pt
Sat Dec 11 16:21:35 MST 2010
> To put it simple id like to give our Domain Admins the same access to
> Samba shares that the root user has and havent had much luck doing
> this. Whenever I look this up I find that people are doing this
> different ways but none seem to work. The only other thing that ive
> seen people doing is adding a domain user to the sudoers list but that
> means the domain user has to be logged into the linux server and then
> elevate their privileges.
You may in fact be talking about different things, but the main ones I
can remember now are:
Admin rights at share level (can also be used as a global parameter)
In smb.conf:
admin users = "@[yourdoamin]\Domain Admins"
If you are talking about privileges:
net rpc rights list
net rpc rights grant
The possible privileges are:
SeMachineAccountPrivilege Add machines to domain
SeTakeOwnershipPrivilege Take ownership of files or other objects
SeBackupPrivilege Back up files and directories
SeRestorePrivilege Restore files and directories
SeRemoteShutdownPrivilege Force shutdown from a remote system
SePrintOperatorPrivilege Manage printers
SeAddUsersPrivilege Add users and groups to the domain
SeDiskOperatorPrivilege Manage disk shares
SeSecurityPrivilege Manage auditing and security log
For example:
net rpc rights grant "Domain Admins" SeMachineAccountPrivilege
More information about the samba
mailing list