thr3ads.net - samba - [Samba] Ordinary users automatically member of "Domain Admins" [Feb 2004]

If this information is useful, please help other people find it:
Share via:

Beast

2004-Feb-25 15:12 UTC

[Samba] Ordinary users automatically member of "Domain Admins"

I've just migrate existing NT users to samba, some users are having SID
number 100x.

The funny thing is, from NT usermanager, these users are member of  "Domain
Admins" group because of their SID?

[root@credo samba]# pdbedit -L -v jktajit
Unix username:        jktajit
NT username:          jktajit
Account Flags:        [U          ]
User SID:             S-1-5-21-2140563141-904681572-988572150-1012
Primary Group SID:    S-1-5-21-2140563141-904681572-988572150-513
...

However, admin user which having SID 500 and Group RID 512 (uid=0,gid=0) is not
member of domain admins!

[root@credo samba]# pdbedit -L -v smbrootjkt
Unix username:        smbrootjkt
NT username:          smbrootjkt
Account Flags:        [U          ]
User SID:             S-1-5-21-2140563141-904681572-988572150-500
Primary Group SID:    S-1-5-21-2140563141-904681572-988572150-512
Full Name:            SAMBA Root Account
....

[root@credo samba]# net groupmap list
Domain Users (S-1-5-21-2140563141-904681572-988572150-513) -> userjkt
Domain Computers (S-1-5-21-2140563141-904681572-988572150-515) -> wsjkt
Domain Guests (S-1-5-21-2140563141-904681572-988572150-514) -> guestjkt
Domain Admins (S-1-5-21-2140563141-904681572-988572150-512) -> root
...

Why?


--beast

samba - Feb 2004 - Ordinary users automatically member of "Domain Admins"

[Samba] Ordinary users automatically member of "Domain Admins"