On Wed, May 26, 2021 at 2:56 PM Andrew Walker <walker.aj325 at gmail.com>
wrote:
>
>
> On Wed, May 26, 2021 at 2:45 PM Nick Couchman <nick.e.couchman at
gmail.com>
> wrote:
>
>> root@:/usr/ports/net/samba # net groupmap list
>>> Guests (S-1-5-32-546) -> BUILTIN\guests
>>> Administrators (S-1-5-32-544) -> BUILTIN\administrators
>>> Users (S-1-5-32-545) -> BUILTIN\users
>>> smb_admins (S-1-5-21-3928159180-3161166842-2405926743-1002) ->
smb_admins
>>>
>>> 4) add new sid as a foreign group for BUILTIN\\Administrators and
verify
>>> root@:/usr/ports/net/samba # net groupmap addmem S-1-5-32-544
>>> S-1-5-21-3928159180-3161166842-2405926743-1002
>>> root@:/usr/ports/net/samba # net groupmap listmem S-1-5-32-544
>>> S-1-5-21-3928159180-3161166842-2405926743-1002
>>>
>>>
>> Thank you, Andrew - this wasn't exactly the solution for me, but it
put
>> me on the right track. I am using AD - Samba is a member of the AD
domain -
>> and it was very simple - just needed to get the SID of the users/groups
and
>> then do the "net groupmap addmem" command to add them to the
local
>> Administrators group. Seems to be working great.
>>
>> Thank you!
>> -Nick
>>
>
> Glad to hear it worked for you. Do note that you are making these SIDs
> de-facto local admins on your server. With great power comes great
> responsibility and such.
>
Yep, understood - I'm very choosy about who is going to get that access :-D.
-Nick