[Samba] Cannot get DOMAIN ADMINS to work

Ryan Novosielski novosirj at umdnj.edu
Tue Dec 14 19:04:44 GMT 2004 

FWIW, I believe you'll be experiencing problems with this part of your 
setup:

> Administrators (S-1-5-32-544) -> ntadmin
> Domain Admins (S-1-5-21-4008939791-1949703945-886196202-512) -> ntadmin

I don't believe that is legal. Or perhaps it is only illegal if ntadmin is 
someone's primary group, not secondary. I just fought with this one 
myself.

Does anyone have a good resource on this?

---- _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - User Support Spec. III
|$&| |__| |  | |__/ | \| _|  | novosirj at umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630

On Fri, 10 Dec 2004, Heinrich Rebehn wrote:

> Hi list,
>
> After reading a lot in the mailing list and the official Samba 3 howto, i am 
> still unable to give domain admin rights to a user, so that he gets admin 
> rights on all workstations in the domain.
>
> Here is what i have:
>
> - Samba 3.08 PDC, config:
>
> [global]
>   workgroup = ANT
>   netbios name = ANTSRV
>   netbios aliases       = RUN KITS HOMES LIB PRINTERS
>   server string = ANT Samba Server %v
>
>   printcap name = /etc/samba/smbprintcap
>   load printers = yes
>   printing = lprng
>   printer admin = @adm
>
>   log file = /var/log/samba/log.%m
>   max log size = 50
>
>   map to guest = bad user
>   security = user
>   encrypt passwords = yes
>   smb passwd file = /etc/samba/private/smbpasswd
>
>   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>   local master = yes
>   os level = 33
>   domain master = yes
>   preferred master = yes
>   domain logons = yes
>   logon path = \\%L\Profiles\%U
>
> <shares removed>
>
> - Client: Vanilla Windows XP professional, SP2, domain member, no special 
> registry settings
>
> - Groups:
>
> root at antsrv2 [~] # net groupmap list
> System Operators (S-1-5-32-549) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> ntadmin
> Account Operators (S-1-5-32-548) -> -1
> Domain Users (S-1-5-21-4008939791-1949703945-886196202-513) -> wiss
> Domain Admins (S-1-5-21-4008939791-1949703945-886196202-512) -> ntadmin
> Backup Operators (S-1-5-32-551) -> -1
> Domain Guests (S-1-5-21-4008939791-1949703945-886196202-514) -> nogroup
> Users (S-1-5-32-545) -> wiss
>
> root at antsrv2 [~] # getent group ntadmin
> ntadmin:x:1060:rebehn
>
> This should be enough to give user rebehn admin rights on all workstaions in 
> the domain, right?
>
> But it does not work. When i try to partition disks on a workstation, i get a 
> message saying that i do not have the nessecary rights.
>
> Questions:
> - Did i miss something obvious?
> - How can i debug on server/client side ?
>
> Thanks for any help.
>
> PS: winbindd is not running. Do i need it?
> -- 
>
> Heinrich Rebehn
>
> University of Bremen
> Physics / Electrical and Electronics Engineering
> - Department of Telecommunications -
>
> Phone : +49/421/218-4664
> Fax   :            -3341
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list