"John H Terpstra" <[EMAIL PROTECTED]> wrote: >> On the UNIX system addition/change of user accounts requires UID=0. If you want your Administrator to be able to manage user accounts UID=0 is a must. Also, the RID for Administrator must be 500 for the account to have admin privileges in Windows. <<
OK. The Linux box is at a school and administered by novices, so I've set up user account management via Webmin, with synchronization of the Samba accounts. This is working well. However, in order for Administrator to be able to log in on the domain, I had to create an "Administrator" account, hence the one with an ID of 604. Same on my office network, but here I've created a group, smbadmins, added Administrator and myself into it, and then added domain admin group = @smbadmins (following some online docs, but testparm doesn't like this, so I'll remove it) admin users = @smbadmins printer admin = @smbadmins I also upgraded from 2.2 to 3.04 and this seems to be a lot happier when running USRMGR.EXE, etc. >> If you are using and LDAP backend it is imperative that all UIDs and RIDs must be unambiguous. So if you have a root account and an Administrator account - you have introduced ambiguity. It is best to use the 'root' account in place of the NT Administrator. Just make sure that the RID for the root account is 500. << No LDAP (yet). My big questions, then, are: 1. How do I set the RID for the Administrator or root account? Currently, the SID is User SID: S-1-5-21-754926933-3079649434-3472319497-2208. I've tried editing it with: pdbedit -r -u Administrator -U S-1-5-21-754926933-3079649434-3472319497-500 but it doesn't change (and -d4 doesn't produce any useful debugging info, AFAICS). And of course the other setup is on Samba 2.2, which doesn't have pdbedit. How can the RID be changed there? 2. If we don't need to use USEMGR.EXE for account management, is there any other reason why the Administrator account needs UID/GUD = 0? I'm nervous about using the root password for domain & workstation administration tasks. Thanks, Best, --- Les Bell, RHCE, CISSP [http://www.lesbell.com.au] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
