Re: [Samba] what is the SID of the domain administrator?
Tomasz Chmielewski wrote: Paul Gienger schrieb: Does the domain administrator SID always end with -1000? It should never be 1000 Please review http://support.microsoft.com/default.aspx?scid=kb;en-us;243330 Well, for me it's -1000 for two different Samba domains. Coincidence? Administrator SID should -500, but any user can be a member of domain admin (group SID -512), so as long as you add that user to Domain Admins group, it always has admin priviledge. However, to be a 'true' administrator (ie, able to join a pc to domain), you must give them unix uid of 0. -- --beast -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] what is the SID of the domain administrator?
On 11/17/05, Beast [EMAIL PROTECTED] wrote: However, to be a 'true' administrator (ie, able to join a pc to domain), you must give them unix uid of 0. This is no longer the case on recent versions of Samba, since support for Windows privileges was added in Samba 3.011. Now, anyone with the SeMachineAccountPrivilege can add PCs to the domain. See http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] what is the SID of the domain administrator?
Does the domain administrator SID always end with -1000? I.e., if the SID for the domain is: S-1-2-33-44-5-66 does this mean that the domain administrator's SID would be: S-1-2-33-44-5-66-1000 ? How can I get the SID number for any given user? -- Tomek http://wpkg.org WPKG - software deployment and upgrades with Samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE [Samba] what is the SID of the domain administrator?
Hi, Please read the samba-howto-collection available on samba website. The cahper about right and privileges talk about that. --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a écrit sur 16/11/2005 14:58:01 : Does the domain administrator SID always end with -1000? I.e., if the SID for the domain is: S-1-2-33-44-5-66 does this mean that the domain administrator's SID would be: S-1-2-33-44-5-66-1000 ? How can I get the SID number for any given user? -- Tomek http://wpkg.org WPKG - software deployment and upgrades with Samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: RE [Samba] what is the SID of the domain administrator?
[EMAIL PROTECTED] schrieb: Hi, Please read the samba-howto-collection available on samba website. The cahper about right and privileges talk about that. well, it doesn't say much about fetching SID for a given user. I could guess one uses net usersidlist, but in my case, it gives this output: # net usersidlist [2005/11/16 15:16:10, 0] utils/net_rpc.c:net_usersidlist(3853) Could not get the user/sid list -- Tomek http://wpkg.org WPKG - software deployment and upgrades with Samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] what is the SID of the domain administrator?
Does the domain administrator SID always end with -1000? It should never be 1000 Please review http://support.microsoft.com/default.aspx?scid=kb;en-us;243330 How can I get the SID number for any given user? You could divine the SID if you know the UID and the RID calculation, presuming that samba has generated all of your user SIDs. Otherwise, if you're using LDAP you could either look in the LDAP object or use smbldap-usershow. If not, you can use pdbedit -L -v username which should give you all of the windows related info. ps. Sorry for spamming you Tomasz, but I forgot to reply-to-all the first time -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] what is the SID of the domain administrator?
Paul Gienger schrieb: Does the domain administrator SID always end with -1000? It should never be 1000 Please review http://support.microsoft.com/default.aspx?scid=kb;en-us;243330 Well, for me it's -1000 for two different Samba domains. Coincidence? How can I get the SID number for any given user? You could divine the SID if you know the UID and the RID calculation, presuming that samba has generated all of your user SIDs. Otherwise, if you're using LDAP you could either look in the LDAP object or use smbldap-usershow. If not, you can use pdbedit -L -v username which should give you all of the windows related info. smbldap-usershow was what I was looking for! :) -- Tomek http://wpkg.org WPKG - software deployment and upgrades with Samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] what is the SID of the domain administrator?
Does the domain administrator SID always end with -1000? It should never be 1000 Please review http://support.microsoft.com/default.aspx?scid=kb;en-us;243330 Well, for me it's -1000 for two different Samba domains. Coincidence? You probably had a domain user with UID 0 (root) and then added samba attributes to it. The default RID calculation (uid*2)+1000 would have given you the 1000. Otherwise, maybe the smbldap-populate script did it that way in old versions? Anyway, I don't think windows won't respect that user as being an administrator unless the RID portion is what is listed in the doc above. smbldap-usershow. If not, you can use pdbedit -L -v username which should give you all of the windows related info. smbldap-usershow was what I was looking for! :) For general purpose, the pdbedit is probably a better use since it doesn't care what your backend is, but smbldap-usershow gives you non-samba stuff as well. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
