This may be what you are looking for.. net rpc rights to manage privileges assigned to SIDs
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#id364647 root# net rpc rights list -U root%not24get SeMachineAccountPrivilege Add machines to domain SePrintOperatorPrivilege Manage printers SeAddUsersPrivilege Add users and groups to the domain SeRemoteShutdownPrivilege Force shutdown from a remote system SeDiskOperatorPrivilege Manage disk shares SeBackupPrivilege Back up files and directories SeRestorePrivilege Restore files and directories SeTakeOwnershipPrivilege Take ownership of files or other objects All in the docs. Adrian Sender >> > email message attachment >> -------- Forwarded Message -------- >> From: Torsten >> To: samba@lists.samba.org >> Subject: [Samba] SAMBA+LDAP-How to promote Administrator with all >> priviliges? >> Date: Thu, 11 Oct 2007 11:15:59 +0200 >> >> Hi, >> >> I have setup samba+ldap an almost everything went well, accept the fact, >> that there was no administrative account from the beginning. So I just >> created one using smbldap-useradd. >> >> samba-pdc:~# /usr/sbin/smbldap-usershow administrator >> dn: uid=administrator,ou=Users,dc=rhhu,dc=local >> objectClass: >> top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount >> cn: administrator >> sn: administrator >> givenName: administrator >> uid: administrator >> uidNumber: 1004 >> gidNumber: 513 >> homeDirectory: /home/administrator >> loginShell: /bin/bash >> gecos: System User >> sambaLogonTime: 0 >> sambaLogoffTime: 2147483647 >> sambaKickoffTime: 2147483647 >> sambaPwdCanChange: 0 >> sambaSID: S-1-5-21-55810726-2383910042-1397420801-3008 >> sambaPrimaryGroupSID: S-1-5-21-55810726-2383910042-1397420801-513 >> sambaLogonScript: logon.bat >> sambaHomeDrive: Z: >> sambaLMPassword: 79A0A158A100C04D902139606B6D16B5 >> sambaAcctFlags: [U] >> sambaNTPassword: 6261BD5C725F9795FC7E84DA0350FA29 >> sambaPwdLastSet: 1187341118 >> sambaPwdMustChange: 1191229118 >> userPassword: {MD5}0/ECsVoPmE2fvVgfBQguZg== >> >> samba-pdc:~# /usr/sbin/smbldap-groupshow "Domain Admins" >> dn: cn=Domain Admins,ou=Groups,dc=rhhu,dc=local >> objectClass: top,posixGroup,sambaGroupMapping >> gidNumber: 512 >> cn: Domain Admins >> memberUid: root,Administrator >> description: Netbios Domain Administrators >> sambaSID: S-1-5-21-55810726-2383910042-1397420801-512 >> sambaGroupType: 2 >> displayName: Domain Admins >> >> So, administrator is member of Domain Admins. I suppose the problem lies >> within the primary group membership of that account, but I have no clue >> how to change the sid. >> >> What would be a practicable solution? Thanks. >> >> Regards, Torsten >> _________________________________________________________________ Your Future Starts Here. Dream it? Then be it! Find it at www.seek.com.au http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fninemsn%2Eseek%2Ecom%2Eau%2F%3Ftracking%3Dsk%3Ahet%3Ask%3Anine%3A0%3Ahot%3Atext&_t=764565661&_r=OCT07_endtext_Future&_m=EXT-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba