Hello AD 4.13.2 running, Joinet Debina 10 machine, if sign in with Domain Admin User to Debian, aim a normal User without any more rights I need to put the AD Admin User to Passwd Group? So that this will receive the Domain Admin Right on this Debian Server? Thanks
On 03/12/2020 17:48, Maurizio Caloro via samba wrote:> Hello > > AD 4.13.2 running, Joinet Debina 10 machine, if sign in with Domain Admin > User to Debian, aim a normal User without any more rights > > I need to put the AD Admin User to Passwd Group? So that this will receive > the Domain Admin Right on this Debian Server? > > Thanks > > >By 'Domain Admin User' do you mean 'Administrator' ? If so, you need a line like this in your Unix domain members smb.conf: username map = /etc/samba/user.map and create /etc/samba/user.map containing this: !root = DOMAIN\Administrator Where 'DOMAIN' is your workgroup name. If this isn't your problem, please post your smb.conf. Rowland
On 12/3/20 1:48 PM, Maurizio Caloro via samba wrote:> Hello > > AD 4.13.2 running, Joinet Debina 10 machine, if sign in with Domain Admin > User to Debian, aim a normal User without any more rightsAs it should be, the Windows concept of being a domain administrator granting you administrator on all machines is by default bad. That is why so many AD security recommendations tell Windows administrators to have a normal user for daily usage and switch to the domain administrator only when needed, a cheaper version of sudo. You should add sudo rules to the members of that group or other more specialized or add domain users to the wheel local group.> > I need to put the AD Admin User to Passwd Group? So that this will receive > the Domain Admin Right on this Debian Server? > > Thanks > > >