Volker Lendecke schrieb:
On Wed, Sep 23, 2009 at 12:33:24PM +0200, Daniel Spannbauer wrote:
Hmmm, when I log in on the Workstation as Administrator (which is mapped
to User root) then I get a Groupsid which ends to 513, so I get as
Administrator the Rights of the normals Domain USer. But in LDAP the
PrimaryGroupSid for root is set to 512 (DomainAdmins).
In the Group-Entry for the Group of the DomainAdmins root is also in
MemberUID.
Can anybody tell me why the PrimaryGropSid isn't used by samba?
Samba uses the gidNumber of the account and maps it via the
group mapping entries to a SID. We only have the
primaryGroupSid still in our schema because removing it
would have made upgrades almost impossible.
Hello Volker,
that means if the user Root has an Entry "primaryGroupSID" with the sid
512 then the User should have Admin-Rights because hes in the
Domain-Admin-Group?
Regards
Daniel
Volker
--
Daniel Spannbauer Software Entwicklung
marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-27 Fax -11
Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 4033220
http://www.marco.de/ Email d...@marco.de
Geschäftsführer Martin Reuter HRB 171775 Amtsgericht München
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
