[Samba] Windows 2000 and domain users
James Kreuziger
jkreuzig at massun.peds.mc.uci.edu
Fri Apr 12 14:54:04 GMT 2002
First the details:

Samba 2.2.3a running on Solaris 8 set up as a PDC.
Various systems running Windows 95/98/NT 4.0.

I've had absolutely no serious problems running
Samba in this configuration for the last couple
of years. I've upgraded Samba as the new versions
have come out, and now need to integrate some new
Win2k boxes.

Problem is, when I add the new machines to the domain,
the group "DOMAIN\unix_group.2147483404" gets added to
both the Administrators group and Users group. So domain
users start with Administrator rights! If I remove
the "DOMAIN\unix_group.2147483404" group from the Administrators
group, it mucks things up bad enough to require a reinstall
of Win2k. I'd like to think that this is not a required
feature of using Samba with Win2k. I would like to restrict
users to the same rights as normal users, so I can lock down
who can install software on each individual machine. As it
stands now, I can't do that.

I'm including the global section of my smb.conf, if it
helps.

Thanks,

-Jim
*************************************************
Jim Kreuziger
jkreuzig at uci.edu
*************************************************
# Global parameters
[global]
# include = /samba/current/lib/smb.conf.%U
workgroup = <DOMAIN>
preexec = csh -c `echo /usr/local/samba/bin/smbclient \
-M %m -I %I` &
server string = Samba %v on (%L)
security = user
domain logons = yes
encrypt passwords = Yes
password level = 3
log level = 1
log file = /samba/current/var/log.smbd.%m
wins support = Yes
name resolve order = wins hosts lmhosts bcast
dns proxy = yes
deadtime = 30
keepalive = 120
client code page = 437
os level = 65
preferred master = Yes
domain master = Yes
guest account = samba
invalid users = root daemon bin sys lp smtp uucp nuucp listen dcs consult dumper nobody
# invalid users = daemon bin sys lp smtp uucp nuucp listen dcs consult dumper nobody
veto oplock files = /*.mdb/*.dbm/*.doc/*.xls
socket options = TCP_NODELAY IPTOS_LOWDELAY
getwd cache = yes
logon script = %U.bat
logon path = \\server\profile\%U
remote announce = <IP ADDRESS>/<DOMAIN>
utmp = True
# utmp consolidate = yes
username map = /samba/current/lib/usermap.txt
# config file = /samba/current/lib/smb.conf.%U