acls on win-side

Thomas Heiligenmann thomas.heiligenmann at t-online.de
Sat Sep 18 17:43:16 GMT 1999 

Henning Rohde wrote:
> 
> Hi everybody,
> 
> sorry for entering discussion with a new point,
> but in my case Thomas' solution doesn't work:
> 
> if i try add the user 'root' of my Linux-box (SuSE 6.1, Kernel
> 2.2.12, Samba 2.0.5a, PDC) being local Admin of my NT-box
> (NT4; SP3; german Ed.), it lets me see 'root' being member of
> 'Domain Admins' and include 'root' into 'Administrators',
> but when i accept these setting it returns "unknown account"
> in the properties of 'local Admins', so nothing works.
> 
> Where could my mistake be?
> 
> Thank in advance,
> 
>                 Henning Rohde
> 
> PS: Please ignore misprints, i had to translate.
> 

As I understood the domain code in 2.0.5a is still incomplete what
obviously
affects the RPC interface for enumarating users from the PDC too. My
site is
almost similar to Henning's (SuSE 5.2/2.0.33/Samba 2.0.5a vs.
NT4/SP3/German)
- well almost - but I think he differences may be lying in our smb.conf
or 
local privileges on the NT client.

When logged in with local admin privileges and adding users from the
Linux box
to the local Admins group the dialog shows Domain Admins plus all the
users
defined in smbpasswd. I can add them to the list and accept the setting
without
problems and hence they can work with local admin privileges as
expected...

However if I later browse the local Admins group the members selected
from the
domain just show up as unknown accounts but in daily use anything works
fine.
Don't ask me whether that's just a cosmetic issue or can cause real harm
(it
didn't yet).

I attached an excerpt from my smb.conf file. Maybe it can help.

Cheers,
Thomas


[global]
   workgroup = MY_DOMAIN
   server string = "File and Print Server"
   guest account = nobody
   log file = /var/samba/log.%m
   max log size = 50
   security = user
   encrypt passwords = yes
   socket options = TCP_NODELAY
   domain logons = yes
   logon script = user\%U.bat
   logon path = \\%L\profiles\%U
   logon home = \\%L\netlogon
   logon drive = z:
   local master = yes
   os level = 33
   domain master = yes
   preferred master = yes
   wins support = yes
   dns proxy = no
[profiles]
   comment = NT Profil
   path = /home/profiles
   writable = yes
   create mode = 0600
   directory mode = 0700
[netlogon]
   comment = Network Logon Service
   path = /home/netlogon
   writable = yes
   guest ok = yes

More information about the samba-ntdom mailing list