Domain admins

Mike.Robinson mike at ed.ac.uk
Mon Jan 10 10:34:46 GMT 2000 

On Fri, 7 Jan 2000, Lars Kneschke wrote:

> "Mike.Robinson" wrote:
> > 
> > I'm new to NT and have set up a set up a NT PDC using a version 2.1.0-prealpha
> > of Samba downloaded in September 99 and running on Solaris 7.
> > 
> > I am trying to put users into a Domain Admins group using the information in
> > the FAQ.
> > 
> > What I have is:
> > 
> > fibratus#ypcat group |grep nt
> > ntadmin:*:4219:mike,bc,cnd,ann
> > automnt:*:31530:
> > ntusers:*:4220:mike,bc,cnd,ann
> > 
> > fibratus#grep domain smb.conf
> >    workgroup = met-domain
> >    domain group map = /usr/local/samba/lib/domaingroup.map
> >    domain master = yes
> >    domain logons = yes
> > 
> > fibratus#cat /usr/local/samba/lib/domaingroup.map
> > ntadmin="Domain Admins"
> > ntusers="Domain Users"
> > 
> > fibratus#grep group /etc/nsswitch.conf
> > # the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
> > group:      files nis
> > netgroup:   nis
> > 
> > When logging onto a PC as mike in the domain met-domain, mike does not have
> > administrator privilegs. The samba logs do not appear to have anything that
> > sheds any light on the matter.
> I use the latest samba from cvs(see my homepage
> http://www.kneschke.de/projekte/samba_tng/index.php3).  And had
> this problem just today. Your smb.conf and your domaingroup.map
> are ok, but to let this, the in the /etc/passwd must be ntadmin
> or ntusers. The settings in /etc/group don't care samba much. :-(
> 
> This works:
> 
> /etc/group
> ntadmin::101:
> 
> /etc/passwd
> lk:x:6010:101::/home/lk:/bin/sh
> 
> lk is "Domain Admin".
> 
> Hope this helps.

Many thanks, I've solved the problem following a pointer from "Mayers, P J"
<p.mayers at ic.ac.uk>.

By looking at the members of MET-DOMAIN\Domain Admins on a PC, I was there as 
miker instead of mike. Although miker was not in smbpasswd or in the nis group 
it is in the NIS passwd (intentionally - with the same user id but different 
shell). 

Not sure why it does this since:

fractus#groups miker
eucsup wheel

fractus#groups mike
eucsup wheel met erdas ntadmin ntusers www

- but putting miker into smbpasswd and logging in as miker instead circumvents
the problem?

****** Is this a bug in the samba software?  *******

Best wishes,

Mike

................................................................................
Mike Robinson                        Email: M.Robinson at ed.ac.uk
EUCS       			     Tel:   0131 650 5015
The University of Edinburgh          Fax:   0131 650 8748
J.C.M.B
The Kings Buildings                      
Mayfield Road
Edinburgh EH9 3JZ

More information about the samba-ntdom mailing list