Okay... you're a bit light on information, but let me see if I can assist and I'll just make a few assumptions.

First, you'll have to create a unix account with the name Administrator, and then use smbpasswd -a to give the guy the necessary samba info. In order to give our user 'Administrator' the necessary rights to actually tromp around the domain as an administrator, he'll (strange... I never think of root as having a gender, but Administrator seems like a he) have to be part of a group that is mapped to the Domain Administrator group.

To do this, add a unix group named 'domadmin', and then use the 'net groupmap' command to associate the proper RID (the domain admin RID is 512) with the unix group. Then add your Administrator user to the domadmin group, restart the samba server (may not be necessary), and everything should work as desired.

I have a bunch of links about this stuff back at work, but it's Sunday, and as much fun as it would be to ssh into my work box, I try not to during the weekend. If you need further assistance or expectation (like how to use net... it's a bit of a beast), just shout and I'll try and dig up those links on Monday for ya.

-Sean

On Monday 08 September 2003 02:52 am, godber@win.co.nz wrote:
> How do you add an "Administrator" account to ldap.
>
> I want to leave root in /etc/passwd but have "Administrator" in ldap
> I have checked Howto Collection and the Samba-Ldap-3 but they contain no
> information. The Ldap-Howto has a suggestion but then says not to use.
>
> Godfrey
On Mon, 8 Sep 2003 godber@win.co.nz wrote:
> The example seems to be incomplete
>
> I want to ensure Administrator and Guest have the correct RIDs ie
>
> DOMAIN_USER_RID_ADMIN 0x0000 01F4
> DOMAIN_USER_RID_GUEST 0x0000 01F5
>
> The information you give is great but how to ensure the
> Administrator/Guest user has the correct RID?
>
> There are good examples of adding users to groups in the howto
> but no information on how to set a user's rid?

Try: pdbedit -?

- John T.
--
John H Terpstra
Email: jht@samba.org
How do you add an "Administrator" account to ldap.

I want to leave root in /etc/passwd but have "Administrator" in ldap
I have checked Howto Collection and the Samba-Ldap-3 but they contain no information. The Ldap-Howto has a suggestion but then says not to use.

Godfrey
Service Informatique
2003-Sep-08 11:35 UTC
[Samba] Re: Samba-3 Ldap Adding Administrator Account
godber@win.co.nz wrote:
> How do you add an "Administrator" account to ldap.
> I want to leave root in /etc/passwd but have "Administrator" in ldap
> I have checked Howto Collection and the Samba-Ldap-3 but they contain no information. The Ldap-Howto has a suggestion but then says not to use.
> Godfrey

I don't know which version of samba you have, I use samba 3.0.0rc2 and LDAP.
I didn't want to have root in LDAP either, as I plan to use my LDAP for two servers and I don't want the same root account/password.

In my smb.conf I write:

    passdb backend = ldapsam:ldap://127.0.0.1 tdbsam guest

then restart samba, and launch:

    pdbedit -b tdbsam -a root

You can check if it worked with

    pdbedit -b tdbsam -L -v

It worked for me perfectly.
I've added later root and a few others to the "Domain Admin" group in a LDAP entry.
The drawback is that the account's still named 'root', not 'Administrator'.

I hope I'll help you a bit.

--
Eric DECORNOD, Service Informatique
IUT Louis Pasteur Schiltigheim
Sorry a bit more information

The smb-ldap-3 Howto gives the example
http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.htm

dn: uid=Administrator, o=smb, dc=unav, dc=es
cn: Administrator
objectClass: sambaAccount
objectClass: posixAccount
uid: Administrator
pwdLastSet: 0
logonTime: 0
logoffTime: 0
kickoffTime: 0
pwdCanChange: 0
pwdMustChange: 0
smbHome: \\%N\
homeDrive: U:
profilePath: \\%N\\profile
rid: 1000
primaryGroupID: 512
lmPassword: 37D5B8AB8069F5B8AB5B8AB8B8AB8069
ntPassword: 5B8AB8B8AB85B8A5B8AB8B8AB82BE319
acctFlags: [UX ]
gecos: Samba Admin
homeDirectory: /
loginShell: /dev/null
uidNumber: 0
gidNumber: 0

dn: uid=nobody,o=smb, dc=unav, dc=es
objectClass: sambaAccount
objectClass: posixAccount
uid: nobody
pwdLastSet: 1026225030
logonTime: 0
logoffTime: 2147483647
kickoffTime: 2147483647
pwdCanChange: 0
pwdMustChange: 2147483647
displayName: Nobody
cn: Nobody
rid: 501
primaryGroupID: 514
gecos: Nobody or Guest
homeDirectory: /
loginShell: /dev/null
uidNumber: 99
gidNumber: 99
acctFlags: [UX ]

The example seems to be incomplete

I want to ensure Administrator and Guest have the correct RIDs ie

DOMAIN_USER_RID_ADMIN 0x0000 01F4
DOMAIN_USER_RID_GUEST 0x0000 01F5

The information you give is great but how to ensure the Administrator/Guest user has the correct RID?

There are good examples of adding users to groups in the howto but no information on how to set a user's rid?

Godfrey

> Okay... you're a bit light on information, but let me see if I can assist and
> I'll just make a few assumptions.
>
> First, you'll have to create a unix account with the name Administrator, and
> then use smbpasswd -a to give the guy the necessary samba info. In order to
> give our user 'Administrator' the necessary rights to actually tromp around
> the domain as an administrator, he'll (strange... I never think of root as
> having a gender, but Administrator seems like a he) have to be part of a
> group that is mapped to the Domain Administrator group.
>
> To do this, add a unix group named 'domadmin', and then use the 'net groupmap'
> command to associate the proper RID (the domain admin RID is 512) with the
> unix group. Then add your Administrator user to the domadmin group, restart
> the samba server (may not be necessary), and everything should work as
> desired.
>
> I have a bunch of links about this stuff back at work, but it's Sunday, and as
> much fun as it would be to ssh into my work box, I try not to during the
> weekend. If you need further assistance or expectation (like how to use
> net... it's a bit of a beast), just shout and I'll try and dig up those links
> on Monday for ya.
>
> -Sean
>
> On Monday 08 September 2003 02:52 am, godber@win.co.nz wrote:
> > How do you add an "Administrator" account to ldap.
> >
> > I want to leave root in /etc/passwd but have "Administrator" in ldap
> > I have checked Howto Collection and the Samba-Ldap-3 but they contain no
> > information. The Ldap-Howto has a suggestion but then says not to use.
> >
> > Godfrey
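
Added example, not part of the original thread or of the howto it quotes: a small Python check that reads sambaAccount entries from LDIF and reports where the Administrator and Guest accounts do not carry the RIDs named in the message above (0x1F4 and 0x1F5) or the matching primary group RIDs. Treating the uids "Administrator" and "nobody" as those two accounts, and the function names, are assumptions of this example.

```python
import re
# Constructed sample: the two howto entries from the thread, trimmed.
SAMPLE_LDIF = """\
dn: uid=Administrator, o=smb, dc=unav, dc=es
uid: Administrator
rid: 1000
primaryGroupID: 512

dn: uid=nobody,o=smb, dc=unav, dc=es
uid: nobody
rid: 501
primaryGroupID: 514
"""

# uid -> (user RID, primary group RID); which uid plays which role is assumed.
EXPECTED = {"Administrator": (0x1F4, 512), "nobody": (0x1F5, 514)}
RESERVED = {rid for rid, _ in EXPECTED.values()}

def parse_ldif(text):
    """Parse simple LDIF (no folded lines, no base64 values) into dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry[key.strip().lower()] = value.strip()
        entries.append(entry)
    return entries

def audit_rids(entries):
    """Return findings for wrong or misused well-known RIDs."""
    findings = []
    for e in entries:
        uid = e.get("uid", "?")
        rid = int(e.get("rid", -1))
        gid = int(e.get("primarygroupid", -1))
        if uid in EXPECTED:
            want_rid, want_gid = EXPECTED[uid]
            if rid != want_rid:
                findings.append(f"{uid}: rid {rid}, expected {want_rid} (0x{want_rid:X})")
            if gid != want_gid:
                findings.append(f"{uid}: primaryGroupID {gid}, expected {want_gid}")
        elif rid in RESERVED:
            findings.append(f"{uid}: uses reserved rid {rid}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_rids(parse_ldif(SAMPLE_LDIF))) or "RIDs OK")
```

On the howto entries as quoted, the check reports the Administrator entry's rid of 1000; the nobody entry already carries 501 and 514.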