Domain admins
Luke Kenneth Casson Leighton
lkcl at samba.org
Mon Jan 10 13:35:04 GMT 2000
mike,
i use getwnam() getpwuid() getgrnam() etc to convert to / from unix / nt
groups, because i have *absolutely* no idea what i am doing.
should i be using something else? nisgetpwnam()?
ok, i say "i", but i'm not qualified to actually get it right.
does someone want to look at this?
luke
On Mon, 10 Jan 2000, Mike.Robinson wrote:
> On Fri, 7 Jan 2000, Lars Kneschke wrote:
>
> > "Mike.Robinson" wrote:
> > >
> > > I'm new to NT and have set up a set up a NT PDC using a version 2.1.0-prealpha
> > > of Samba downloaded in September 99 and running on Solaris 7.
> > >
> > > I am trying to put users into a Domain Admins group using the information in
> > > the FAQ.
> > >
> > > What I have is:
> > >
> > > fibratus#ypcat group |grep nt
> > > ntadmin:*:4219:mike,bc,cnd,ann
> > > automnt:*:31530:
> > > ntusers:*:4220:mike,bc,cnd,ann
> > >
> > > fibratus#grep domain smb.conf
> > > workgroup = met-domain
> > > domain group map = /usr/local/samba/lib/domaingroup.map
> > > domain master = yes
> > > domain logons = yes
> > >
> > > fibratus#cat /usr/local/samba/lib/domaingroup.map
> > > ntadmin="Domain Admins"
> > > ntusers="Domain Users"
> > >
> > > fibratus#grep group /etc/nsswitch.conf
> > > # the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
> > > group: files nis
> > > netgroup: nis
> > >
> > > When logging onto a PC as mike in the domain met-domain, mike does not have
> > > administrator privilegs. The samba logs do not appear to have anything that
> > > sheds any light on the matter.
> > I use the latest samba from cvs(see my homepage
> > http://www.kneschke.de/projekte/samba_tng/index.php3). And had
> > this problem just today. Your smb.conf and your domaingroup.map
> > are ok, but to let this, the in the /etc/passwd must be ntadmin
> > or ntusers. The settings in /etc/group don't care samba much. :-(
> >
> > This works:
> >
> > /etc/group
> > ntadmin::101:
> >
> > /etc/passwd
> > lk:x:6010:101::/home/lk:/bin/sh
> >
> > lk is "Domain Admin".
> >
> > Hope this helps.
>
> Many thanks, I've solved the problem following a pointer from "Mayers, P J"
> <p.mayers at ic.ac.uk>.
>
> By looking at the members of MET-DOMAIN\Domain Admins on a PC, I was there as
> miker instead of mike. Although miker was not in smbpasswd or in the nis group
> it is in the NIS passwd (intentionally - with the same user id but different
> shell).
>
> Not sure why it does this since:
>
> fractus#groups miker
> eucsup wheel
>
> fractus#groups mike
> eucsup wheel met erdas ntadmin ntusers www
>
> - but putting miker into smbpasswd and logging in as miker instead circumvents
> the problem?
>
> ****** Is this a bug in the samba software? *******
>
> Best wishes,
>
> Mike
>
> ...............................................................................
> Mike Robinson Email: M.Robinson at ed.ac.uk
> EUCS Tel: 0131 650 5015
> The University of Edinburgh Fax: 0131 650 8748
> J.C.M.B
> The Kings Buildings
> Mayfield Road
> Edinburgh EH9 3JZ
>
>
More information about the samba-ntdom
mailing list