---------- Forwarded message ----------
From: Edward Luck <[EMAIL PROTECTED]>
Date: Jan 12, 2006 7:10 PM
Subject: Re: [Samba] problem with administrator accounts
To: "Chris St. Pierre" <[EMAIL PROTECTED]>
One other thing about Administrator access. If you try and force a RID of 500 to the user "root" you get tdb database errors. It basically doesn't work as expected.

On 1/12/06, Edward Luck <[EMAIL PROTECTED]> wrote:
> You need to map your Domain Admins group to a Linux group which the
> root user is a member of.
>
> Here's a couple of things I have noticed:
>
> 1. User account "root" always gets a RID of 1000, not 500. So, there
> is effectively no "Administrator" user account.
> 2. You need to map the group "Domain Admins" to a unix group
> (preferably named "ntadmins"), which root is a member of.
>
> With the above settings, I was able to add machines to the domain as
> the user "root".
>
> Remember that the User RID of "500" in Windows has special privileges
> - much like any account in UNIX with a userID of "0" is considered the
> superuser. Because there is no account in Samba which has a RID of
> 500, you need to assign Administrator privileges based on group
> membership - Domain Admins to be precise.
>
> On 1/12/06, Chris St. Pierre <[EMAIL PROTECTED]> wrote:
> > I have a small domain with a Samba PDB and two Windows clients. My
> > goal is to have all accounts held centrally on the Linux box, but the
> > administrator login doesn't work as an administrator.
> >
> > That is, I can login just fine as 'administrator' (or as any of the
> > other accounts in the Samba password db), but I don't get
> > administrative privileges in Windows.
> >
> > In smb.conf, I have:
> >
> > admin users = root
> > username map = /etc/samba/smbusers
> >
> > In smbusers, I have:
> >
> > root = administrator
> >
> > The username mapping appears to occur, but 'administrator' (now
> > 'root') does not receive admin privileges in Windows. (This leads to
> > quite a bind, because I can't login as administrator to take the
> > computer out of the domain and add a local administrator account.)
> >
> > Any ideas? Thanks!
> >
> > Chris St. Pierre
> > Unix Systems Administrator
> > Nebraska Wesleyan University
>
> --
> Keep flying, and stay shiny.

--
Keep flying, and stay shiny.
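Added example, not part of the original thread: a small Python check that the setup described in the quoted reply actually holds, i.e. that "Domain Admins" (well-known RID 512) is mapped to a Unix group and that root is listed as a member of it. The `net groupmap list` line format, the "-1" marker for an unmapped group, and all sample data are assumptions constructed for illustration.

```python
import re

# Assumed line format of `net groupmap list`: NT name (SID) -> unix group
MAP_RE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-[\d-]+)\) -> (?P<unix>\S+)$")
DOMAIN_ADMINS_RID = "512"  # well-known RID of the Domain Admins group

def parse_groupmap(text):
    """Return {rid: (nt_name, unix_group)} from group-map listing text."""
    maps = {}
    for line in text.splitlines():
        m = MAP_RE.match(line.strip())
        if m:
            maps[m["sid"].rsplit("-", 1)[1]] = (m["nt"], m["unix"])
    return maps

def parse_group_file(text):
    """Return {group: set(members)} from /etc/group-style text.
    Only supplementary members are listed there, not primary-GID users."""
    groups = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 4:
            groups[parts[0]] = {u for u in parts[3].split(",") if u}
    return groups

def audit(groupmap_text, group_text, user="root"):
    """Return a list of findings; an empty list means the mapping holds."""
    entry = parse_groupmap(groupmap_text).get(DOMAIN_ADMINS_RID)
    if entry is None:
        return ["no group mapping for RID 512 (Domain Admins)"]
    nt, unix = entry
    groups = parse_group_file(group_text)
    if unix not in groups:
        return [f"'{nt}' maps to '{unix}', which is not in the group file"]
    if user not in groups[unix]:
        return [f"'{user}' is not a member of '{unix}' (mapped from '{nt}')"]
    return []

# Constructed sample data (placeholder SIDs, hypothetical GIDs)
SAMPLE_MAP = """\
Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> ntadmins
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> users
"""
SAMPLE_GROUP = """\
root:x:0:
users:x:100:
ntadmins:x:1001:root
"""
if __name__ == "__main__":
    print(audit(SAMPLE_MAP, SAMPLE_GROUP) or "OK: root is in the Domain Admins group")
```

The same `audit` call with `user` set to any other account name shows whether that account would receive Domain Admins rights through the mapped group.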