[Samba] Local Administrators (group) and delegation in AD

Rowland Penny rowlandpenny241155 at gmail.com
Wed Nov 4 15:49:29 UTC 2015

On 04/11/15 15:09, mathias dufresne wrote:
> As Davor wants to delegate I  expect he does not want to give
 > Administrator password to these persons ;) And using a keytab to
 > avoid giving them the password is not a solution: they would be able
 > to perform everything they want on samba, which is certainly far from
 > the delegation he initially thought...

Ah, what I posted was the same as what Davor posted, just doing it 
another way. If you run the command on the DC as root, you don't need 
the '-UAdministrator' part. It just adds the group 'Domain Admins' to 
the group 'Administrators'

Also, if I remember correctly, you still need the Administrator password 
if you do it Davor's way.


More information about the samba mailing list