[Samba] domain power users

charles :( charlesaburrell at gmail.com
Wed Feb 4 21:05:04 GMT 2009 

>
>
> ---------- Forwarded message ----------
> From: Harry Jede <walk2sun at arcor.de>
> To: samba at lists.samba.org
> Date: Thu, 29 Jan 2009 02:32:56 +0100
> Subject: Re: [Samba] domain power users
> Am Mittwoch, 28. Januar 2009 23:45 schrieb charles:
> > Hello:
> >
> > I have an nt domain comprised of a samba/openldap pdc with windows xp
> > sp2 clients.
> > *samba   3.0.28a-1
> > slapd   2.4.9-0
> > smbldap-tools   0.9.4-1
> > Ubuntu 8.04 Server LTS
> > Windows Xp SP2
> > *
> >
> > I have two problems which I think are related.
> > - using "gpresult" from an xp client on the domain, the user is not
> > shown as being a "Power Users", even with their primary group (-g)
> > set to "Power Users"
> > - I cannot add a local security group from the ldap server, I can't
> > see any of the groups, I can see and add users however
> > *dn: cn=Power Users,ou=Groups,dc=*****,dc=bz
> > objectClass: top,posixGroup,sambaGroupMapping
> > cn: Power Users
> > gidNumber: 547
> > sambaGroupType: 5
> Local groups must have
>  sambaGroupType: 4
>
> It is a bug in smbldap-tools. Search the archiv for the patch, and edit
> your existing groups manually.
>
> > displayName: Power Users
> > sambaSID: S-1-5-32-547
> > *
> >
> > I need the "Power Users" groups for Quickbooks. I would be useful if
> > the "Power Users" privilliges were inheritted from the domain. I'd
> > settle for adding the Domain "Power Users" group as a local security
> > group.
> >
> > Thanks.
> >
> > --
> > Charles Burrell
> >
> > Belmopan, Belize
> > University of Belize Alma Mater
>
> --
>
> Gruss
>        Harry Jede
>

Hello,

Thanks Harry.

I edited the smbldap-populate script and added the Power Users entry to the
LDAP database using the script.
dn: cn=Power Users,ou=Groups,dc=origin,dc=bz
objectClass: top,posixGroup,sambaGroupMapping
gidNumber: 547
cn: Power Users
description: Netbios Domain Members can share directories and printers
sambaSID: S-1-5-32-547
sambaGroupType: 4
displayName: Power Users

The group type is now local. However the Power User privileges still do not
apply and gpresult doesn't list membership. Furthermore, LDAP Admin shows
the group as being local but doesn't show any members although there is one
member. Members of other "local" groups are listed in said groups.

Any ideas from anyone?
-- 
Charles

More information about the samba mailing list