[Samba] Re: samba 3 b3 and nt accounts
paul at subsignal.org
Sun Aug 3 18:51:55 GMT 2003
Failed Access wrote:
> Okidokey things are flying here
> I am a domain admin and as such when I logon to a win 2k/xp system I
> should be able to access the system stuff (like changing the domain) as
> well as certify a new machine to the domain.
Who granted you "domain admin" rights? SAMBA PDC? Win2k PDC?
> With the Samba user however I log onto the machine now and no longer
> have my admin rights to change settings :c(
What do you mean with "samba user"?
Generally speaking, if you have a useracccount at the samba PDC, set up
groupmapping stuff correctly, added yourself to the "Domain
Administrators" Group you should be "Administrator" on a Win2k/XP box,
since the (samba)"Domain Adminitrators" Group is added to the local
"Administrators" Group. However you're still not allowed to join the
machine to the domain, for this your (unix) UID number have to be 0
(i.e. you have to be root).
(I hate this quirk of xp/2k
> it's almost enough reason to fire the darn thing out of a real big
> cannon but sadly windows is here to stay *gripe gripe moan moan*)
> As the same user though I am able to log a machine into the domain...
> which means it does think I'm a domain admin
> Anyways anyone got ideas on this issue?
> Any more info I could post to help?
I'm still somewhat unclear about your setup, specifically your users ;)
> Very irritating problem...
> Matt D.
More information about the samba