[Samba] NT Administrator account changes permissions when logging onto samba server
Michael J. Luevane
mikel at quantecllc.com
Tue Oct 29 17:34:40 GMT 2002
Answers below...
> -----Original Message-----
> From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]On
> Behalf Of Buchan Milne
> Sent: Tuesday, October 29, 2002 1:26 AM
> To: Michael J. Luevane
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] NT Administrator account changes permissions when
> logging onto samba server
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > Message: 7
> > From: "Michael J. Luevane" <mikel at quantecllc.com>
> > To: "Samba at Lists. Samba. Org" <samba at lists.samba.org>
> > Date: Mon, 28 Oct 2002 15:46:53 -0800
> > Subject: [Samba] NT Administrator account changes permissions when
> logging onto samba server
> >
> > Hello, all
> >
> > I have a problem with my administrator accounts on WinNT with Samba.
> >
> > When I log in locally as the Administrator, it works as
> expected - I *am*
> > the administrator for the machine.
> >
> > When I log into the domain as Administrator, it works as expected - I
> log in
> > as root.
>
> But do you have admin rights on the local machine? Ie, can you add users
> etc.?
I have admin rights on the local machine when I am NOT logged into the
domain. I do NOT have admin rights when I AM logged into the domain.
>
>
> >
> > The prolem comes when I try to do anything on the local machine as
> > Administrator (logged into the Samba server). The problem is that any NT
> > permissions that I've put onto the Administrator account are not there
> when
> > I'm logged in on the domain. When I go back to logging in locally,
> > permissions are all fine.
>
> You must apply permissions/rights/group memberships to the domain
> account you are going to use, when logged in with an account with local
> admin rights (local Administrator or Domain Admin).
>
I *did* apply the correct permissions to the local account (root,
administrator both) and they are applied correctly when I log in locally.
When I log into the domain, the permissions are gone and when I try to chane
the permissions I get an error - Incorrect Function.
> >
> > What I'm trying to do is to run Veritas' BackupExec on an NT
> server and be
> > able to backup files on the linux box (main server). When I try
> to run the
> > front end I get a permissions error - that the account must be an
> > administrator or a backup operator.
>
> When ou are running it as which user?
Any account that was given administrator priveleges locally - administrator,
root
> >
> > I go into the Administrator account (local) and set the backup account
> > to
> > Administrator *and* backup operator. Log back in. Locally, it's fine.
> >
> > Log into the domain - those permissions are not set, so I cannot run the
> > backup program.
>
> Local backup account?
Sorry - :) "I go into the Administrator account and give the account I want
to use to do backups with both administrator *and* backup operator rights.
>
> Could you post your smb.conf (or mail it to me privately), and if you
> are using something like 'username map = /etc/samba/smbusers', please
> include the username map file (/etc/samba/smbusers).
>
> I suspect that you haven't got root included in your 'domain admin group'.
>
# Samba config file created using SWAT
# from localhost.localdomain (127.0.0.1)
# Date: 2002/10/28 14:19:07
# Global parameters
[global]
workgroup = QUANTEC2
netbios name = QSERVER
server string = Quantec Server running Samba Server %v
encrypt passwords = Yes
username map = /var/lib/samba/maps/user.map
unix password sync = Yes
log file = /var/log/samba/log.%m
max log size = 50
deadtime = 15
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=4096 SO_SNDBUF=4096
printcap name = lpstat
domain admin group = root
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M
%u
logon script = logon.bat
logon path = \\%N\profiles\%u
logon drive = Z:
logon home = \\%N\homes\%u
domain logons = Yes
os level = 64
preferred master = True
domain master = True
wins support = Yes
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind cache time = 30
winbind use default domain = Yes
hosts allow = 127. 10.
printing = cups
[homes]
comment = Home Directories
path = /home/
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
guest ok = Yes
printable = Yes
print command = lpr-cups -P %p -o raw %s -r # using client side printer
drivers.
browseable = No
[print$]
path = /var/lib/samba/printers
write list = @adm root
[pdf-generator]
comment = PDF Generator (only valid users)
path = /var/tmp
printable = Yes
print command = /usr/share/samba/scripts/print-pdf %s ~%u \\\\\\\\%L\\\\%u
%m %I &
[public]
comment = Public space with read-write access
path = /mnt/common/home/local/samba-public
read only = No
[Common files]
comment = Quantec common files directory
path = /mnt/common
force group = Staff
read only = No
directory mask = 0777
inherit permissions = Yes
inherit acls = Yes
vfs object = /usr/lib/samba/vfs/recycle.so
vfs options = /etc/samba/recycle.conf
[Phaer850]
comment = Tektronix Phaser 850DP color printer
path = /tmp
printable = Yes
[netlogon]
comment = NT's netlogon share - where the logon.bat file lives
path = /var/lib/samba/netlogon
write list = root ntadmin
browseable = No
[profiles]
comment = Path to user profiles
path = /var/lib/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
More information about the samba
mailing list