[Samba] Re: adding computer in domain with user other than root

Robert Robertedstrom at yahoo.com
Mon Nov 3 05:20:31 GMT 2003


I have done this successfully with samba 2.2.8a and an LDAP backend with
openldap.  I had difficulty with the regular smbpasswd file in that I was
unable to join.  I haven't tried the regular smbpasswd backend in a while
because I made the switch to ldap.  Is there anything special I need to do
with the plain old smbpasswd backend?

Have you done the same with samba 3?  I'm looking for the equivalent for
samba 3.  I created a group called domain-admins, and mapped it with the net
groupmap add command.  The ntgroup name is "Domain Admins" and I manually
set the rid to 512.  If I add users to the group, but join the domain with
the root account added via smbpasswd, the members of the group are
recognized as domain admins.  I still can't join the domain with an account
from that group.

Please help.
Bob.



"Jean-Rene Cormier" <jean-rene.cormier at cipanb.ca> wrote in message
news:1067615487.1995.27.camel at forbidden.cipanb.ca...
> My smb.conf is pretty basic, I don't see anything else other than the
> domain admin group that would change that behaviour.
>
> Here's part of my smb.conf:
>
> [global]
>         workgroup = DOMAIN
>         netbios name = SERVER
>         server string = SERVER
>         interfaces = 192.168.0.2 127.0.0.1
>         bind interfaces only = Yes
>         encrypt passwords = Yes
>         passwd program = /usr/bin/passwd %u
>         username map = /etc/samba/private/usermap
>         unix password sync = Yes
>         log file = /var/log/samba/%m
>         socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
>
>         name resolve order = wins bcast hosts
>         domain admin group = root, admina, adminb
>         logon path = \\%N\profiles\%u
>         logon drive = I:
>         domain logons = Yes
>         os level = 35
>         preferred master = Yes
>         local master = Yes
>         domain master = Yes
>         wins support = Yes
>
>         ldap server = 127.0.0.1
>         ldap port = 389
>         ldap suffix = "dc=domain,dc=com"
>         ldap admin dn = "uid=smbadmin,ou=People,dc=domain,dc=com"
>         ldap ssl = Yes
>
> Jean-Rene Cormier
>
> On Fri, 2003-10-31 at 11:36, werner maes wrote:
> > I'm glad it works for you :-)
> > can you give some configuration details of smb.conf?
> >
> > I have: domain admin group = root ldaptest.
> >
> > Werner
> >
> > At 11:27 31/10/2003, Jean-Rene Cormier wrote:
> > >I just reformatted a computer and I joined it with my regular username
> > >which doesn't have uid=0 and is not mapped to root either. I thought
> > >that maybe it was because the machine account was already in LDAP so I
> > >booted up another Windows in VMWare and removed it from the domain and
> > >changed the computer name to one that wasn't already in LDAP and I was
> > >able to join it with the same username. I'm using the "domain admin
> > >group" and it seems to be working fine. Running on Samba 2.2.8a btw.
> > >
> > >Jean-Rene Cormier
> > >
> > >On Fri, 2003-10-31 at 10:37, Thiago Lima wrote:
> > > > > The user MUST be root, if you want to use another user map it to
> > > > > root in smbusers.
> > > >
> > > >
> > > > regards.
> > > > thiago.
> > > >
> > > >
> > > > > I tried to add a computer to a Samba domain using another account
> > > > > (testuser) than root.
> > > > > I use LDAP for authentication and added the account
> > > > > (testuser) with uid=0
> > > > > > in ldap. If I use this account to add a computer to the
> > > > > domain I get the
> > > > > error: "Access is denied".
> > > > >
> >
> >
>
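Added example (not part of the original messages and not Samba's own code): a Python audit of which names receive Domain Admins or root rights through the two smb.conf mechanisms discussed in this thread, `domain admin group` and a `username map` entry pointing at root. The sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample inputs, modelled on the settings quoted in the thread.
SMB_CONF = """\
[global]
    username map = /etc/samba/private/usermap
    domain admin group = root, admina, adminb @wheel
"""
USERMAP = """\
# unix name = client names (constructed)
root = administrator testuser
!bob = "Robert E"
"""

def global_params(conf_text):
    """Return the [global] parameters of smb.conf text as a dict."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            params["".join(key.lower().split())] = value.strip()
    return params

def admin_principals(conf_text, usermap_text):
    """List (name, reason) pairs that get domain-admin or root rights."""
    found = []
    members = global_params(conf_text).get("domainadmingroup", "")
    for name in re.split(r"[,\s]+", members):
        if name:
            kind = "group" if name.startswith("@") else "user"
            found.append((name, f"domain admin group ({kind})"))
    for raw in usermap_text.splitlines():
        line = raw.strip().lstrip("!").strip()  # '!' only stops further mapping
        if not line or line[0] in "#;" or "=" not in line:
            continue
        unix_name, clients = line.split("=", 1)
        if unix_name.strip() == "root":
            for client in re.findall(r'"[^"]+"|\S+', clients):
                found.append((client.strip('"'), "username map -> root"))
    return found
```

Calling `admin_principals` on the real smb.conf and username map contents gives the list of accounts to review before relying on either mechanism for joining machines to the domain.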





