How to give Domain Administrator privileges to Root user in Domain Controller
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
no such thing as a linux domain controller. DCs are a Windows only invention and do not apply to linux unless you are talking Samba, then it is a Samba share not a DC.
I think we need you to be a bit more specific about your question. For Domain Controller you could mean a Samba PDC setup. In that case you need to add an entry to the smbusers file in the Samba directory to map root to Administrator (read up the documentation - I'm sure this is a standard example given by the Samba docs).
Or are you referring to the Fedora Directory server?
user.map? Where should I put this file? I had the same question, but I found another sollution: Dont give Domain Amdins root privileges
Still, it would be nice to know where to put the file. I usually find answers like yours Kenarkies and I always have to wonder where to put the file. (no offense)
you can add something like
username map = /usr/local/samba/lib/username.map
or in /etc and put the line into your smb.conf
and since you just add Administrator to smbpasswd it shouldn't hurt anything from the domain users, unless you completely join the box to the domain.
I don't (usually) when doing it this way.
The smb.conf directive "username map" is the key. The Fedora standard installation has configuration files in /etc/samba, including smb.conf. There is an entry in that file:
username map = /etc/samba/smbusers
where the smbusers file has an entry like
root = administrator
You can put this file anywhere and give it any name of course. Check the manpage for smb.conf for more details. If you have Fedora you may already have this setup, but other distros may have a different setup and may not have "username map" configured, but you can add it.
In "/etc/samba/" I should create a "smbusers" file and add the line: "root=Administrator"
In the "smb.conf" add the line:
"username map = /etc/samba/smbusers"
Ok, thats the info was looking for
I still have one question You said:
and since you just add Administrator to smbpasswd it shouldn't hurt anything from the domain users, unless you completely join the box to the domain.
What do you mean with "completely join the box"?
well, did you join the machine to your domain or just map the users you want to access it?
if you don't want other domain users to access it don't join it and just use the map to give access to those specific users.
just don't forget when you change the domainadmin's password in AD you go back in and change the smbpasswd
well, did you join the machine to your domain or just map the users you want to access it?
if you don't want other domain users to access it don't join it and just use the map to give access to those specific users.
just don't forget when you change the domainadmin's password in AD you go back in and change the smbpasswd
I have created a Windows NT 4.0 domain and not an AD. AD is harder to secure . . . And it requires more configration for extra features we will never use ( -> Me beeing lazy )
So the linux server is running samba, fakes Windows clients being a Windows NT 4.0 PDC. I dont know if this means that the server (box) is part of the domain. I guess so. . .
* Feeling dumb *
I will be on holiday for 3 weeks, so dont worry if I dont reply in the next 3 weeks
Thanx for your help and explinations. I have difficulties understanding complexe structures as Samba, because it tries to combine Windows and Linux. So you need to know the Windows routine and the Linux routine. The man files are still to difficult for me to understand. The Windows help files aren't helpfiles: they arent helpfull at all!
Or I should quit my job and start a new easy carreer as a rocketscientest
It is probably one of the more difficult aspects of setting up a network, and requires a bit of time and patience. The best place to go is to work through the Samba Official HOWTO http://www.samba.org/samba/docs/man/...TO-Collection/ if you haven't already. There are some parts that are a bit hard but it covers your case as a classic.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.