[Samba] Root user shows up as "administrator"
Rowland penny
rpenny at samba.org
Tue Feb 16 15:16:52 UTC 2021
On 16/02/2021 13:52, L.P.H. van Belle via samba wrote:
> Well, now look again.
>
> ADDOM\Administrator != BUILTIN\Administrator
> The rest is in the bug report.
The problem with that is, there doesn't seem to be a BUILTIN\Administrator
root at dc4:~# wbinfo -n BUILTIN\\Administrator
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name BUILTIN\Administrator
There is BUILTIN\Administrators
root at dc4:~# wbinfo -n BUILTIN\\Administrators
S-1-5-32-544 SID_ALIAS (4)
And a Domain Administrator
root at dc4:~# wbinfo -n Administrator
S-1-5-21-1768301897-3342589593-1064908849-500 SID_USER (1)
If I use 'S-1-5-32' and Administrator RID, I still cannot find
BUILTIN\\Administrator
root at dc4:~# wbinfo -s S-1-5-32-500
failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup sid S-1-5-32-500
If also look in idmap.ldb , I find this:
dn: CN=S-1-5-21-1768301897-3342589593-1064908849-500
cn: S-1-5-21-1768301897-3342589593-1064908849-500
objectClass: sidMap
objectSid: S-1-5-21-1768301897-3342589593-1064908849-500
type: ID_TYPE_UID
xidNumber: 0
distinguishedName: CN=S-1-5-21-1768301897-3342589593-1064908849-500
>
> basicly it comes to ..
>> And there are even more that think that making the Windows 'super' user
>> into a standard Unix user is a bad idea
> using BUILTIN\ fixes this in my opinion.
>
Yes, but where are you getting 'BUILTIN\Administrator' from ??
Rowland
More information about the samba
mailing list