1. Forum
  2. Usenet
  3. LINUX.SAMBA

  • [Samba] rename Administrator account

    From =?utf-8?Q?Bart_Coninckx?= via samba@21:1/5 to All on Fri Mar 17 16:00:01 2017
    Hi all,

     
    Renaming the admin account in Windows server context is a popular measure to make the network more safe. 

    Can we do this also in Samba 4? Are there any negative consequences?

     
    Met Vriendelijke Groet,
    Kind Regards,
    Salutations,
     
     
    Bart Coninckx
    Bits 'n Tricks BVBA
     
    Hoge Mierdse Heide 182
    2360 Oud-Turnhout
    tel. +32 14 480 820

    gsm +32 478 88 33 08
    info@bitsandtricks.com
    http://www.bitsandtricks.com
    BTW: BE0817.401.875

    Crelan BE46 8601 0806 3436

    Voor onze Algemene Voorwaarden, zie: http://www.bitsandtricks.com/index.php/contact/algemene-voorwaarden

     
    --
    To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marc Muehlfeld via samba@21:1/5 to All on Sat Mar 18 15:30:01 2017
    Am 17.03.2017 um 15:52 schrieb Bart Coninckx via samba:
    Renaming the admin account in Windows server context is a
    popular measure to make the network more safe.

    Can we do this also in Samba 4? Are there any negative consequences?

    Sure you can rename it. Being a member of the right groups decite what
    an account can do.

    However, I don't understand how renaming the admin account improves the security. For example, every domain user can easily find out who is a
    member of the "Domain Admins" group:

    dsquery group -name "Domain Admins" | dsget group -members
    "CN=DomAdm,CN=Users,DC=samdom,DC=example,DC=com"

    Regards,
    Marc


    PS. By the way talking about "Samba 4" can be misleading. It's better if
    you use the terms "Samba AD", "Samba NT4 domain", "Samba standalone
    server", "Samba domain member", etc. depending on what you are talking
    about. Samba 4 can act as all of them.


    --
    To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From =?utf-8?Q?Bart_Coninckx?= via samba@21:1/5 to All on Tue Mar 21 16:40:02 2017
    Sure you can rename it. Being a member of the right groups decite what
    an account can do.

    However, I don't understand how renaming the admin account improves the >security. For example, every domain user can easily find out who is a
    member of the "Domain Admins" group:

    dsquery group -name "Domain Admins" | dsget group -members "CN=DomAdm,CN=Users,DC=samdom,DC=example,DC=com"

    Regards,
    Marc

    Hi Marc,

     
    I agree that is not the holy grail of security, but as an average user is not able to do a dsquery, it has some added value.

    My customer asked me this, so I now I can tell him that it its possible,

     
    cheers,

     
    BC

    --
    To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)