[Samba] Cannot get DOMAIN ADMINS to work *SOLVED*
Heinrich Rebehn
rebehn at ant.uni-bremen.de
Wed Dec 15 08:40:32 GMT 2004
Ryan Novosielski wrote:
> FWIW, I believe you'll be experiencing problems with this part of your
> setup:
>
>> Administrators (S-1-5-32-544) -> ntadmin
>> Domain Admins (S-1-5-21-4008939791-1949703945-886196202-512) -> ntadmin
>
>
> I don't believe that is legal. Or perhaps it is only illegal if ntadmin
> is someone's primary group, not secondary. I just fought with this one
> myself.
>
> Does anyone have a good resource on this?
ntadmin is one of my secondary groups. Anyway, it now works for me. I
had to stop samba, delete secrets.tdb and groupmappings.tdb and restart
samba, according to:
http://lists.samba.org/archive/samba/2004-August/090343.html
>
> ---- _ _ _ _ ___ _ _ _
> |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III
> |$&| |__| | | |__/ | \| _| | novosirj at umdnj.edu - 973/972.0922 (2-0922)
> \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630
>
> On Fri, 10 Dec 2004, Heinrich Rebehn wrote:
>
>> Hi list,
>>
>> After reading a lot in the mailing list and the official Samba 3
>> howto, i am still unable to give domain admin rights to a user, so
>> that he gets admin rights on all workstations in the domain.
>>
>> Here is what i have:
>>
>> - Samba 3.08 PDC, config:
>>
>> [global]
>> workgroup = ANT
>> netbios name = ANTSRV
>> netbios aliases = RUN KITS HOMES LIB PRINTERS
>> server string = ANT Samba Server %v
>>
>> printcap name = /etc/samba/smbprintcap
>> load printers = yes
>> printing = lprng
>> printer admin = @adm
>>
>> log file = /var/log/samba/log.%m
>> max log size = 50
>>
>> map to guest = bad user
>> security = user
>> encrypt passwords = yes
>> smb passwd file = /etc/samba/private/smbpasswd
>>
>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> local master = yes
>> os level = 33
>> domain master = yes
>> preferred master = yes
>> domain logons = yes
>> logon path = \\%L\Profiles\%U
>>
>> <shares removed>
>>
>> - Client: Vanilla Windows XP professional, SP2, domain member, no
>> special registry settings
>>
>> - Groups:
>>
>> root at antsrv2 [~] # net groupmap list
>> System Operators (S-1-5-32-549) -> -1
>> Replicators (S-1-5-32-552) -> -1
>> Guests (S-1-5-32-546) -> -1
>> Power Users (S-1-5-32-547) -> -1
>> Print Operators (S-1-5-32-550) -> -1
>> Administrators (S-1-5-32-544) -> ntadmin
>> Account Operators (S-1-5-32-548) -> -1
>> Domain Users (S-1-5-21-4008939791-1949703945-886196202-513) -> wiss
>> Domain Admins (S-1-5-21-4008939791-1949703945-886196202-512) -> ntadmin
>> Backup Operators (S-1-5-32-551) -> -1
>> Domain Guests (S-1-5-21-4008939791-1949703945-886196202-514) -> nogroup
>> Users (S-1-5-32-545) -> wiss
>>
>> root at antsrv2 [~] # getent group ntadmin
>> ntadmin:x:1060:rebehn
>>
>> This should be enough to give user rebehn admin rights on all
>> workstaions in the domain, right?
>>
>> But it does not work. When i try to partition disks on a workstation,
>> i get a message saying that i do not have the nessecary rights.
>>
>> Questions:
>> - Did i miss something obvious?
>> - How can i debug on server/client side ?
>>
>> Thanks for any help.
>>
>> PS: winbindd is not running. Do i need it?
>> --
--
Heinrich Rebehn
University of Bremen
Physics / Electrical and Electronics Engineering
- Department of Telecommunications -
Phone : +49/421/218-4664
Fax : -3341
More information about the samba
mailing list