Domain admins

Luke Kenneth Casson Leighton lkcl at samba.org
Mon Jan 10 13:35:04 GMT 2000 

mike,

 i use getwnam() getpwuid() getgrnam() etc to convert to / from unix / nt
groups, because i have *absolutely* no idea what i am doing.

should i be using something else?  nisgetpwnam()?

ok, i say "i", but i'm not qualified to actually get it right.

does someone want to look at this?

luke

On Mon, 10 Jan 2000, Mike.Robinson wrote:

> On Fri, 7 Jan 2000, Lars Kneschke wrote:
> 
> > "Mike.Robinson" wrote:
> > > 
> > > I'm new to NT and have set up a set up a NT PDC using a version 2.1.0-prealpha
> > > of Samba downloaded in September 99 and running on Solaris 7.
> > > 
> > > I am trying to put users into a Domain Admins group using the information in
> > > the FAQ.
> > > 
> > > What I have is:
> > > 
> > > fibratus#ypcat group |grep nt
> > > ntadmin:*:4219:mike,bc,cnd,ann
> > > automnt:*:31530:
> > > ntusers:*:4220:mike,bc,cnd,ann
> > > 
> > > fibratus#grep domain smb.conf
> > >    workgroup = met-domain
> > >    domain group map = /usr/local/samba/lib/domaingroup.map
> > >    domain master = yes
> > >    domain logons = yes
> > > 
> > > fibratus#cat /usr/local/samba/lib/domaingroup.map
> > > ntadmin="Domain Admins"
> > > ntusers="Domain Users"
> > > 
> > > fibratus#grep group /etc/nsswitch.conf
> > > # the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
> > > group:      files nis
> > > netgroup:   nis
> > > 
> > > When logging onto a PC as mike in the domain met-domain, mike does not have
> > > administrator privilegs. The samba logs do not appear to have anything that
> > > sheds any light on the matter.
> > I use the latest samba from cvs(see my homepage
> > http://www.kneschke.de/projekte/samba_tng/index.php3).  And had
> > this problem just today. Your smb.conf and your domaingroup.map
> > are ok, but to let this, the in the /etc/passwd must be ntadmin
> > or ntusers. The settings in /etc/group don't care samba much. :-(
> > 
> > This works:
> > 
> > /etc/group
> > ntadmin::101:
> > 
> > /etc/passwd
> > lk:x:6010:101::/home/lk:/bin/sh
> > 
> > lk is "Domain Admin".
> > 
> > Hope this helps.
> 
> Many thanks, I've solved the problem following a pointer from "Mayers, P J"
> <p.mayers at ic.ac.uk>.
> 
> By looking at the members of MET-DOMAIN\Domain Admins on a PC, I was there as 
> miker instead of mike. Although miker was not in smbpasswd or in the nis group 
> it is in the NIS passwd (intentionally - with the same user id but different 
> shell). 
> 
> Not sure why it does this since:
> 
> fractus#groups miker
> eucsup wheel
> 
> fractus#groups mike
> eucsup wheel met erdas ntadmin ntusers www
> 
> - but putting miker into smbpasswd and logging in as miker instead circumvents
> the problem?
> 
> ****** Is this a bug in the samba software?  *******
> 
> Best wishes,
> 
> Mike
> 
> ...............................................................................
> Mike Robinson                        Email: M.Robinson at ed.ac.uk
> EUCS       			     Tel:   0131 650 5015
> The University of Edinburgh          Fax:   0131 650 8748
> J.C.M.B
> The Kings Buildings                      
> Mayfield Road
> Edinburgh EH9 3JZ
> 
>

More information about the samba-ntdom mailing list