I have installed lots of samba 3 servers as PDCs for little networks serving 10 users or so. I have always set up the user "root" as the domain administrator, by setting its group SID to <domainSID>-512 with pdbedit. My "root" user has usually a user SID of <domainSID>-1000 since it is the first user I add to Samba. I have never set up a username map to map "administrator" to "root", I use "root" directly also on Windows boxes when I need to connect as the domain admin (to add workstations to the domain, for example) and I have never had issues. I have no user named "administrator" on the domain.
Now I have read in the HOWTO collection that I should set the user SID to <domainSID>-500 for the "administrator" user since this is a predefined default SID. I have found that a NT server uses 500 indeed for its "Administrator" user. First, I'd like to understand why do I need an user with the "500" SID, since I have never had one and still it seems that my "root" user is working. Second, I'd like to know what will happen if I changhe the SID of root from "1000" to "500", now that my workstations already know the user "root" by its old SID. I suppose that generally is definitely NOT a good idea to change a user's SID, because this would make his files on his workstations owned by someone else. Am I right? -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
