On 26/09/14 11:48, Joakim Tjernlund wrote:
Don't quite follow here. I do have a local root user in passwd/shadow
with
a
local pw as required by any UNIX I know. I also have a AD root account.
Lets get this straight, you have a user called 'root' in /etc/passwd and
another user called 'root' in AD, is this correct ???
Yes
Then you need to delete the AD user 'root', unlike the earlier NT4-style
samba domain, samba4 AD domains cannot have a user with the same name as
a local Unix user. If you want a domain admin user, create one, allow it
to use sudo and then use this user to administrate your domain. If
something was to go wrong, you will still have the local 'root' account
that you can use locally (or by a correctly setup ssh server) to fix the
problem. If you think that your users will alter your root passwords,
then you need to limit just what your users are capable of. If you do
not know how to do this, or cannot find out how to do this, I would
suggest that you need find another job.
PS.
Why is it so hard to keep me on CC? Some list setting which makes
this easy to forget?
Nothing to do with any list setting, you should get the replies if you
are a list member, I normally just reply to list, but in this case I
'CC'd' you
Rowland
Rowland
_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
