[Samba] Cannot get DOMAIN ADMINS to work
Ryan Novosielski
novosirj at umdnj.edu
Tue Dec 14 19:04:44 GMT 2004
FWIW, I believe you'll be experiencing problems with this part of your
setup:
> Administrators (S-1-5-32-544) -> ntadmin
> Domain Admins (S-1-5-21-4008939791-1949703945-886196202-512) -> ntadmin
I don't believe that is legal. Or perhaps it is only illegal if ntadmin is
someone's primary group, not secondary. I just fought with this one
myself.
Does anyone have a good resource on this?
---- _ _ _ _ ___ _ _ _
|Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III
|$&| |__| | | |__/ | \| _| | novosirj at umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630
On Fri, 10 Dec 2004, Heinrich Rebehn wrote:
> Hi list,
>
> After reading a lot in the mailing list and the official Samba 3 howto, i am
> still unable to give domain admin rights to a user, so that he gets admin
> rights on all workstations in the domain.
>
> Here is what i have:
>
> - Samba 3.08 PDC, config:
>
> [global]
> workgroup = ANT
> netbios name = ANTSRV
> netbios aliases = RUN KITS HOMES LIB PRINTERS
> server string = ANT Samba Server %v
>
> printcap name = /etc/samba/smbprintcap
> load printers = yes
> printing = lprng
> printer admin = @adm
>
> log file = /var/log/samba/log.%m
> max log size = 50
>
> map to guest = bad user
> security = user
> encrypt passwords = yes
> smb passwd file = /etc/samba/private/smbpasswd
>
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> local master = yes
> os level = 33
> domain master = yes
> preferred master = yes
> domain logons = yes
> logon path = \\%L\Profiles\%U
>
> <shares removed>
>
> - Client: Vanilla Windows XP professional, SP2, domain member, no special
> registry settings
>
> - Groups:
>
> root at antsrv2 [~] # net groupmap list
> System Operators (S-1-5-32-549) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> ntadmin
> Account Operators (S-1-5-32-548) -> -1
> Domain Users (S-1-5-21-4008939791-1949703945-886196202-513) -> wiss
> Domain Admins (S-1-5-21-4008939791-1949703945-886196202-512) -> ntadmin
> Backup Operators (S-1-5-32-551) -> -1
> Domain Guests (S-1-5-21-4008939791-1949703945-886196202-514) -> nogroup
> Users (S-1-5-32-545) -> wiss
>
> root at antsrv2 [~] # getent group ntadmin
> ntadmin:x:1060:rebehn
>
> This should be enough to give user rebehn admin rights on all workstaions in
> the domain, right?
>
> But it does not work. When i try to partition disks on a workstation, i get a
> message saying that i do not have the nessecary rights.
>
> Questions:
> - Did i miss something obvious?
> - How can i debug on server/client side ?
>
> Thanks for any help.
>
> PS: winbindd is not running. Do i need it?
> --
>
> Heinrich Rebehn
>
> University of Bremen
> Physics / Electrical and Electronics Engineering
> - Department of Telecommunications -
>
> Phone : +49/421/218-4664
> Fax : -3341
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list