Domain admins
Mike.Robinson
mike at ed.ac.uk
Mon Jan 10 16:17:50 GMT 2000
On Tue, 11 Jan 2000, Luke Kenneth Casson Leighton wrote:
> mike,
>
> i use getwnam() getpwuid() getgrnam() etc to convert to / from unix / nt
> groups, because i have *absolutely* no idea what i am doing.
>
> should i be using something else? nisgetpwnam()?
>
> ok, i say "i", but i'm not qualified to actually get it right.
>
> does someone want to look at this?
>
> luke
Perhaps I was at fault having more than one user name (mike and miker) assigned
to a single uid - although both refer to one (physical) user. I've changed this
now, giving miker a different uid to mike. That seems to solve the problem.
Mike
--------------------------------------------------------------------------------
>
> On Mon, 10 Jan 2000, Mike.Robinson wrote:
>
> > On Fri, 7 Jan 2000, Lars Kneschke wrote:
> >
> > > "Mike.Robinson" wrote:
> > > >
> > > > I'm new to NT and have set up a set up a NT PDC using a version 2.1.0-prealpha
> > > > of Samba downloaded in September 99 and running on Solaris 7.
> > > >
> > > > I am trying to put users into a Domain Admins group using the information in
> > > > the FAQ.
> > > >
> > > > What I have is:
> > > >
> > > > fibratus#ypcat group |grep nt
> > > > ntadmin:*:4219:mike,bc,cnd,ann
> > > > automnt:*:31530:
> > > > ntusers:*:4220:mike,bc,cnd,ann
> > > >
> > > > fibratus#grep domain smb.conf
> > > > workgroup = met-domain
> > > > domain group map = /usr/local/samba/lib/domaingroup.map
> > > > domain master = yes
> > > > domain logons = yes
> > > >
> > > > fibratus#cat /usr/local/samba/lib/domaingroup.map
> > > > ntadmin="Domain Admins"
> > > > ntusers="Domain Users"
> > > >
> > > > fibratus#grep group /etc/nsswitch.conf
> > > > # the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
> > > > group: files nis
> > > > netgroup: nis
> > > >
> > > > When logging onto a PC as mike in the domain met-domain, mike does not have
> > > > administrator privilegs. The samba logs do not appear to have anything that
> > > > sheds any light on the matter.
> > > I use the latest samba from cvs(see my homepage
> > > http://www.kneschke.de/projekte/samba_tng/index.php3). And had
> > > this problem just today. Your smb.conf and your domaingroup.map
> > > are ok, but to let this, the in the /etc/passwd must be ntadmin
> > > or ntusers. The settings in /etc/group don't care samba much. :-(
> > >
> > > This works:
> > >
> > > /etc/group
> > > ntadmin::101:
> > >
> > > /etc/passwd
> > > lk:x:6010:101::/home/lk:/bin/sh
> > >
> > > lk is "Domain Admin".
> > >
> > > Hope this helps.
> >
> > Many thanks, I've solved the problem following a pointer from "Mayers, P J"
> > <p.mayers at ic.ac.uk>.
> >
> > By looking at the members of MET-DOMAIN\Domain Admins on a PC, I was there as
> > miker instead of mike. Although miker was not in smbpasswd or in the nis group
> > it is in the NIS passwd (intentionally - with the same user id but different
> > shell).
> >
> > Not sure why it does this since:
> >
> > fractus#groups miker
> > eucsup wheel
> >
> > fractus#groups mike
> > eucsup wheel met erdas ntadmin ntusers www
> >
> > - but putting miker into smbpasswd and logging in as miker instead circumvents
> > the problem?
> >
> > ****** Is this a bug in the samba software? *******
> >
> > Best wishes,
> >
> > Mike
> >
> > ...............................................................................
> > Mike Robinson Email: M.Robinson at ed.ac.uk
> > EUCS Tel: 0131 650 5015
> > The University of Edinburgh Fax: 0131 650 8748
> > J.C.M.B
> > The Kings Buildings
> > Mayfield Road
> > Edinburgh EH9 3JZ
> >
> >
>
Best wishes,
Mike
................................................................................
Mike Robinson Email: M.Robinson at ed.ac.uk
EUCS Tel: 0131 650 5015
The University of Edinburgh Fax: 0131 650 8748
J.C.M.B
The Kings Buildings
Mayfield Road
Edinburgh EH9 3JZ
More information about the samba-ntdom
mailing list