Domain admins

Lars Kneschke lk at NetUSE.DE
Fri Jan 7 16:26:19 GMT 2000


"Mike.Robinson" wrote:
> 
> I'm new to NT and have set up a set up a NT PDC using a version 2.1.0-prealpha
> of Samba downloaded in September 99 and running on Solaris 7.
> 
> I am trying to put users into a Domain Admins group using the information in
> the FAQ.
> 
> What I have is:
> 
> fibratus#ypcat group |grep nt
> ntadmin:*:4219:mike,bc,cnd,ann
> automnt:*:31530:
> ntusers:*:4220:mike,bc,cnd,ann
> 
> fibratus#grep domain smb.conf
>    workgroup = met-domain
>    domain group map = /usr/local/samba/lib/domaingroup.map
>    domain master = yes
>    domain logons = yes
> 
> fibratus#cat /usr/local/samba/lib/domaingroup.map
> ntadmin="Domain Admins"
> ntusers="Domain Users"
> 
> fibratus#grep group /etc/nsswitch.conf
> # the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
> group:      files nis
> netgroup:   nis
> 
> When logging onto a PC as mike in the domain met-domain, mike does not have
> administrator privilegs. The samba logs do not appear to have anything that
> sheds any light on the matter.
I use the latest samba from cvs(see my homepage
http://www.kneschke.de/projekte/samba_tng/index.php3).  And had
this problem just today. Your smb.conf and your domaingroup.map
are ok, but to let this, the in the /etc/passwd must be ntadmin
or ntusers. The settings in /etc/group don't care samba much. :-(

This works:

/etc/group
ntadmin::101:

/etc/passwd
lk:x:6010:101::/home/lk:/bin/sh

lk is "Domain Admin".

Hope this helps.

Cu



-- 
Lars Kneschke
NetUSE Kommunikationstechnologie GmbH
Siemenswall, D-24107 Kiel, Germany
Fon: +49 431 386435 00  --  Fax: +49 431 386435 99


More information about the samba-ntdom mailing list