[Samba] Local Administrators (group) and delegation in AD

mathias dufresne infractory at gmail.com
Wed Nov 4 15:09:14 UTC 2015


As Davor wants to delegate, I expect he does not want to give the Administrator
password to these persons ;)
And using a keytab to avoid giving them the password is not a solution:
they would be able to perform everything they want on Samba, which is
certainly far from the delegation he initially thought of...

2015-11-03 9:48 GMT+01:00 Rowland Penny <rowlandpenny241155 at gmail.com>:

> On 03/11/15 08:10, Davor Vusir wrote:
>
>>
>>
>> No, Davor. That won't work. The delegated user account is not a member of
>> 'AD\Domain Admins', which is a member of the group 'SERVER\Administrators'.
>> You have to use the username map to be able to add the first AD group or
>> account to 'SERVER\Administrators'.
>>
>>
> No, Davor, you don't have to use a username map, as long as you have
> samba-tool on your client (which means it has to be a Unix client).
>
> samba-tool group addmembers Domain\ Admins testunixgroup -H ldap://192.168.0.2 -UAdministrator
>
> 192.168.0.2 is the DC
>
> Rowland
