Domain Admins are not allowed to modify the ldapsam database via usrmgr. lib/smbldap.c: smbldap_open: cannot access LDAP when not root.. Is this by design? G?nter Gersdorf -- Guenter Gersdorf Phone: +49/(0)531/391-7634 Inst. f. Werkzeugmaschinen Fax: -5842 und Fertigungstechnik, TU Braunschweig E-Mail: G.Gersdorf@tu-bs.de Langer Kamp 19b, D-38106 Braunschweig http://www.iwf.ing.tu-bs.de/
Gerald (Jerry) Carter
2005-Oct-18 13:25 UTC
[Samba] Domain Admins can't modify ldapsam entries
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 G?nter Gersdorf wrote: | Domain Admins are not allowed to modify the ldapsam | database via usrmgr. | lib/smbldap.c: smbldap_open: cannot access LDAP when not root.. | | Is this by design? Yes. It is by design. You have to assign the SeAddUsersPrivilege to the Domain Admins group. cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDVPgRIR7qMdg1EfYRAtCyAJ9Ja8CU4/clwoiemo0SShaHBMCKWQCg08wb zKcxIVuCeDyPfC4vbKM/QuM=y+Jz -----END PGP SIGNATURE-----
hi, well if i do "enable privileges = no" and "admin users = @myadmins" this works intentionally. but jerry is right: there should be no use of uid=0 anymore. greez G?nter Gersdorf wrote:> Domain Admins are not allowed to modify the ldapsam database via usrmgr. > lib/smbldap.c: smbldap_open: cannot access LDAP when not root.. > > Is this by design? > > G?nter Gersdorf-- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137