Edmundo Valle Neto
2006-Jul-04 01:57 UTC
[Samba] What the Administrator RID 500 is supposed to be able to do?
Hello.

I have a Samba PDC using an LDAP backend and everything is working perfectly. I'm using Debian sarge as the server with Samba 3.0.14a and have populated the LDAP backend with smbldap-tools (smbldap-populate).

I have read chapter 14 of TOSHARG, where it explains privileges. I can assign privileges and use them, but I have not understood the part that says something about the Administrator well-known RID 500.

If I use the root account I can join workstations to the domain, etc. If I use any other account with proper privileges granted, I'm able to do what the assigned privileges permit (join workstations, etc.).

The smbldap-tools that I used don't set the RID of the administrator account to 500, and even when I set it to 500 I don't see any difference; I can't join workstations with that account. When I try to do it, the Windows XP workstation gives me an error saying that the username cannot be found. Looking at the Samba logs for the workstation, something like this appears:

...
[2006/07/03 21:34:28, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "testmachine$"' gave 1
...

This indicates that the script returned an error (probably because of the lack of rights to add an account).

So I ask: what is the Administrator account supposed to be able to do when it has the well-known RID 500 that it doesn't do when the RID is any other value?

And another, more general question. Some other groups have well-known RIDs too. Besides it being the right RID for them, what would be the difference if they had any other values? Would it raise any problem?

Regards.

Edmundo Valle Neto
Edmundo Valle Neto
2006-Jul-04 02:19 UTC
[Samba] What the Administrator RID 500 is supposed to be able to do?
Answering my own question.

I have found some related questions in the mailing list archive saying that RIDs don't change the behavior of the accounts to Samba, only the way they appear to Windows clients.

Edmundo Valle Neto