[Samba] local user admin rights on samba pdc

Ulrich Kohlhase Ulrich.Kohlhase at t-online.de
Sun Mar 16 17:34:04 GMT 2003


Raj,

> I have noticed that it is causing a problem for some other software
> also. I know that i need to grant local admin rights for that user
> but what is the best method on doing this?
> If I try to access softare by logging in as root on the win2k boxon
> the pdc domain it still prevents me from installing a palm pilot or
> running some particular software.
> All of the software that needs some sort of admin priveledges work
> fine if you logon as administrator to the local machine.

Domain users are common users with limited privileges. This is by design and
affects pure Windows domains also. Several non MS software products are
written pretty badly and rely on changes to be written to system registry
but common users usually do not have permission to alter registry keys. You
need to change the registry keys in question in order to get your "special"
software to work properly for local common users and domain users.

Get regmon, a nice tool to monitor registry access at
http://www.sysinternals.com/ntw2k/source/regmon.shtml
and
- login as domain user
- runas /user:administrator regmon
- change regmon's filter to include "ACCDENIED"
- start palm software as usual and watch the ACCDENIED flying by :-)
- double click on one of the ACCDENIED entries and change security settings
for the registry key

This is a tedious and time consuming approach to fix one or the other
software package, but at least the only reliable method I know of. You may
want to try to add the domain users group to the local power user group -
didn't work for us at that time. Things might change when Samba 3.0 is
released and group mapping support will be available (?)

Good luck,
Uli




More information about the samba mailing list