"Local group map" "domain group map" "domain user map" problem

Pascal OFFREDO poffredo at club-internet.fr
Thu Aug 3 15:51:12 GMT 2000 

Hi,

I'm using a Redhat 6.2/Samba TNG 2.5 box and a NT4 WS+SP6 box- French version

Redhat/Samba server's  name is linux.
Nt WS 's name is ntworkstation.
Local NT WS admin is Administrateur.
Local NT WS admins group is Administrateurs.
Domain is DOMAINE

Here is what I'm trying to do for 2 days.

I'd like my root unix user to become the domain admin and the local ws admin. In fact I want to be able to create/delete different folders on my workstation grant users access rights.

I used Raoul Schroeder's tutorial.

* First, I had to register my workstation in the domain  : 

[root at linux /root]# samedit -S . -U root
added interface ip=10.0.0.3 bcast=10.0.0.255 nmask=255.255.255.0
added interface ip=192.0.0.1 bcast=192.0.0.255 nmask=255.255.255.0
Enter Password:
[root at .]$ createuser ntworkstation$ -j domaine
createuser ntworkstation$ -j domaine
SAM Create Domain User
Domain: DOMAINE Name: ntworkstation$ ACB: [W          ]
ncacn_np_use_add: connection failed
Connection to \\NTWORKSTATION FAILED
(Do a "use \\\\NTWORKSTATION -U localadmin")
Create Domain User: FAILED

[root at .]$ use \\\\ntworkstation -U Administrateur
use \\\\ntworkstation -U Administrateur
Enter Password:
Server: \\NTWORKSTATION:        User:   Administrateur  Domain:
Connection:     Got a positive name query response from 10.0.0.2 ( 10.0.0.2 )
error connecting to 10.0.0.2:445 (Connexion refusée)
session setup ok
Domain=[WORKGROUP] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0]
OK
[Administrateur at .]$ createuser ntworkstation$ -j domaine
createuser ntworkstation$ -j domaine
SAM Create Domain User
Domain: DOMAINE Name: ntworkstation$ ACB: [W          ]
Create Domain User: OK
Join NTWORKSTATION to Domain DOMAINE
Create $MACHINE.ACC: OK
Set $MACHINE.ACC: OK
[Administrateur at .]$         
                   
Then I tried to join the domain using NT WS network control panel. Impossible !

I get the following error :  

run32.dll 0xc0000005 access violation

So, I decided to create the workstation$ using another method :

[root at .]$ deluser ntworkstation$
deluser ntworkstation$
SAM Delete Domain User
Delete Domain User: OK
[root at .]$ createuser ntworkstation$
createuser ntworkstation$
SAM Create Domain User
Domain: DOMAINE Name: ntworkstation$ ACB: [W          ]
Resetting Trust Account to insecure, initial, well-known value: "ntworkstation"
ntworkstation can now be joined to the domain, which should
be done on a private, secure network as soon as possible
Create Domain User: OK
[root at .]$         

And retried to join the domain. Successfully.

However, I've read in several documents that the academic method to create a workstation account is  :

create workstation_name$ -j domaine_name.

So, what is the problem ?
 
 
* Then, I wanted my root user to become a local admin and a domain admin.

here is the content of my different files :
 
local_group.map => root=BUILTIN\Administrateurs
domain_group.map => root="Domain Admins"
domain_user.map=>root=Administrator.
 
I used smbpasswd -a root to create the account in the SAM , and replace U with A in smbpasswd file according to Raoul Schroeder's tutorial.
 
The enumusers command displays:

User RID:     a034  User Name: linux$
User RID:     a02c  User Name: ntworkstation$
User RID:      1f4  User Name: Administrator   
 
and the dispinfo command displays :
 
Sam Level 1:
        Index:  2                  <- Index is normal. I still have a user in the SAM     
        RID:    0x1f4
        ACB:    [U          ]                    
        Account Name:   Administrator
        Full Name:
        User Description:  
                         
Is ACB' s value the good one ?!!!  ....


Well ....

Finally I logged into the domain from my NTWS successfully with unix root account. No problem.

Using MUSRMGR I wanted to see properties of Administrateurs local group. The system returns the following message (translation):

The following error occured during access to Administrateurs local group properties.
Access denied.
Properties of local group can't be modified or listed now.

Using USRMGR, I can see the content of /etc/passwd and etc/group listed in the usernames panel.
Checking root's properties shows me it's only member of users group.

Clicking on Domain Admins group returns the following message (translation):

The following error occured during access to Domain Admins group.
group name doesn't exist.
Group's properties can't be listed or modified now.

Using explorer I tried to browse local admin's folder. Impossible !

Well, I've got no idea where the problem is !!!!

Regards

poffredo at club-internet.fr
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the samba-ntdom mailing list