[Samba] Local Administrators (group) and delegation in AD
rowlandpenny241155 at gmail.com
Wed Nov 4 15:49:29 UTC 2015
On 04/11/15 15:09, mathias dufresne wrote:
> As Davor wants to delegate I expect he does not want to give
> Administrator password to these persons ;) And using a keytab to
> avoid giving them the password is not a solution: they would be able
> to perform everything they want on samba, which is certainly far from
> the delegation he initially thought...
Ah, what I posted was the same as what Davor posted, just doing it
another way. If you run the command on the DC as root, you don't need
the '-UAdministrator' part. It just adds the group 'Domain Admins' to
the group 'Administrators'
Also, if I remember correctly, you still need the Administrator password
if you do it Davor's way.
More information about the samba