NTW 4.0 Workstation Admin Rights

Roman, James (J.D.) jroman6 at ford.com
Mon Sep 11 19:39:40 GMT 2000

As best as I can tell, 2.0.7 only provides you with one option for this type
of administration.  If you set the 

domain admin group = @unixgroupname
(make sure you have the @ sign)

This will allow everyone who logs in to the workstations to have local admin
rights.  Set up a separate Unix group for server side administration, and
use Unix files permissions to administer things from that end.
Unfortunately, they won't be able to use swat for account creation, unless
you give away root's password.  I am trying to work out a perl script,
combined with sudo that would allow this group to add users to the domain.  

Rumor has it that the HEAD branch has DOMAIN GROUP MAP and DOMAIN USER MAP
options in it, that would allow much greater control from the samba end.  I
haven't tested it, so I don't know how well it works.  

-----Original Message-----
From: jseymour at LinxNet.com [mailto:jseymour at LinxNet.com]
Sent: Monday, September 11, 2000 12:22 PM
To: samba-ntdom at us4.samba.org
Subject: NTW 4.0 Workstation Admin Rights

Hi All,

Environment: Samba 2.0.7 (compiled w/gcc)
	     Sun Sparc Solaris
             WinNT 4.0 "workstations"

I need to set up individual users with NTW "Administrator" rights so
that log-on batch files executed on their behalf can do things like
"net time \\Server /yes /set", "route add ..." and other Admin'y
things.  (At least I *think* I do.)  But I do *not* want to give them
wide-open permissions to the domain itself.

I *tried* doing it by logging on to NTW as "Administrator", with the
log-on "domain" set to the workstation itself, and giving a user
"Administrator" rights, but when the user logs on to the domain:  no
workstation admin. rights.

I *suspect* something must be done at the "domain" level, but the
instructions in the "Samba NT domain FAQ" don't work.  Nor have I
been able to unearth any other clues.  (Tho I'm slogging thru the
archives for the mailing list even now.)

Can somebody please lend me a clue? :-)

Jim Seymour                  | PGP Public Key available at:
jseymour at LinxNet.com         |
http://home.msen.com/~jimsun |

More information about the samba-ntdom mailing list