[KLUG Members] Help for upgrade to Samba 3.0.1 (LDAPSAM) fm 2.2.8a
anybody?
Jim C.
members@kalamazoolinux.org
Tue, 20 Jan 2004 13:34:16 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
| Don't create and administrator account. Create an administrative group
| mapped to the Administrators built in and set the sambaSID of root to
| the builtin RID of the domain administrator.
OK, addressing these one by one.
| Don't create and administrator account. Create an administrative group
Right but someone has to belong to that group so that at least one user
has admin privledges. I was going to use Administrator for this. Why
not? Note below that "Administrator" has a uid/rid of something other
than 500/1000.
| mapped to the Administrators built in and set the sambaSID of root to
Is that "Administrators" literally or are you referring to the required
group "Admins"? (That is "required" in accordance with the docs last
sent which I've been reading. ) Note: This db also does Linux auth.
I would also like some clarification of this "root" account. The dn
used to access the LDAP database administratively is
cn=root,dc=j9starr,dc=net. However there is no actual posix or samba
user named "cn=root,ou=People,dc=j9starr,dc=net". From what it seems
like you are telling me, I must first add one.
| the builtin RID of the domain administrator.
Current structure:
dn: sambaDomainName=J9STARR,dc=j9starr,dc=net
sambaDomainName: J9STARR
sambaSID: S-1-5-21-1825057718-3407101348-4194330872
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
In "ou=People,dc=j9star,dc=net" I have:
Administrator
gidNumber: 512
uidNumber: 998
sambaPrimaryGroupSID: S-1-5-21-1825057718-3407101348-4194330872-512
sambaSID: S-1-5-21-1825057718-3407101348-4194330872-2996
etc...
nobody
gidNumber: 514
uidNumber: 999
sambaPrimaryGroupSID: S-1-5-21-1825057718-3407101348-4194330872-514
sambaSID: S-1-5-21-1825057718-3407101348-4194330872-2998
Then I have these groups:
dn: cn=Domain Admins,ou=Group,dc=j9starr,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
memberUid: Administrator
description: Netbios Domain Administrators
sambaSID: S-1-5-21-1825057718-3407101348-4194330872-512
sambaGroupType: 2
displayName: Domain Admins
dn: cn=Domain Users,ou=Group,dc=j9starr,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: S-1-5-21-1825057718-3407101348-4194330872-513
sambaGroupType: 2
displayName: Domain Users
dn: cn=Domain Guests,ou=Group,dc=j9starr,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 514
cn: Domain Guests
description: Netbios Domain Guests Users
sambaSID: S-1-5-21-1825057718-3407101348-4194330872-514
sambaGroupType: 2
displayName: Domain Guests
dn: cn=Domain Computers,ou=Group,dc=j9starr,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 553
cn: Domain Computers
description: Netbios Domain Computers accounts
sambaSID: S-1-5-21-1825057718-3407101348-4194330872-553
sambaGroupType: 2
displayName: Domain Computers
- --
- -----------------------------------------------------------------
| I can be reached on the following messenger services: |
|---------------------------------------------------------------|
| MSN: j_c_llings@hotmail.com AIM: WyteLi0n ICQ: 123291844 |
|---------------------------------------------------------------|
| Y!: j_c_llings Jabber: jcllings@nureality.com |
- -----------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFADZ7Y57L0B7uXm9oRAnzQAJ4i2w/tZ+1xROtzbNClwhXtaoBghACeIdPt
D2VaRnM7ej+XJygSEMi4ZpA=
=yJul
-----END PGP SIGNATURE-----