[Samba] Re: adding computer in domain with user other than root
Jean-Rene Cormier
jean-rene.cormier at cipanb.ca
Mon Nov 3 11:53:24 GMT 2003
On Mon, 2003-11-03 at 01:20, Robert wrote:
> I have done this successfully with samba 2.2.8a and an LDAP backend with
> openldap. I had difficulty with the regular smbpasswd file in that I was
> unable to join. I haven't tried the regular smbpasswd backend in a while
> because I made the switch to ldap. Is there anything special I need to do
> with the plain old smbpasswd backend.
I haven't used the old smbpasswd backend in a pretty long time either so
I wouldn't know...
> Have you done the same with samba 3? I'm looking for the equivalent for
> samba 3. I created a group called domain-admins, and mapped it with the net
> groupmap add command. The ntgroup name is "Domain Admins" and I manually
> set the rid to 512. If I add users to the group, but join the domain with
> the root account added via smbpasswd, the members of the group are
> recognized as domain admins. I still can't join the domain with an account
> from that group.
I haven't played much with Samba 3 yet, but I'll be installing it when
I'll have some time to do so.
Jean-Rene Cormier
> Please help.
> Bob.
>
>
>
> "Jean-Rene Cormier" <jean-rene.cormier at cipanb.ca> wrote in message
> news:1067615487.1995.27.camel at forbidden.cipanb.ca...
> > My smb.conf is pretty basic, I don't see anything else other than the
> > domain admin group that would change that behaviour.
> >
> > Here's part of my smb.conf:
> >
> > [global]
> > workgroup = DOMAIN
> > netbios name = SERVER
> > server string = SERVER
> > interfaces = 192.168.0.2 127.0.0.1
> > bind interfaces only = Yes
> > encrypt passwords = Yes
> > passwd program = /usr/bin/passwd %u
> > username map = /etc/samba/private/usermap
> > unix password sync = Yes
> > log file = /var/log/samba/%m
> > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
> >
> > name resolve order = wins bcast hosts
> > domain admin group = root, admina, adminb
> > logon path = \\%N\profiles\%u
> > logon drive = I:
> > domain logons = Yes
> > os level = 35
> > preferred master = Yes
> > local master = Yes
> > domain master = Yes
> > wins support = Yes
> >
> ldap server = 127.0.0.1
> > ldap port = 389
> > ldap suffix = "dc=domain,dc=com"
> > ldap admin dn = "uid=smbadmin,ou=People,dc=domain,dc=com"
> > ldap ssl = Yes
> >
> > Jean-Rene Cormier
> >
> > On Fri, 2003-10-31 at 11:36, werner maes wrote:
> > > I'm glad it works for you :-)
> > > can you give some configuration details of smb.conf?
> > >
> > > I have: domain admin group = root ldaptest.
> > >
> > > Werner
> > >
> > > At 11:27 31/10/2003, Jean-Rene Cormier wrote:
> > > >I just reformatted a computer and I joined it with my regular username
> > > >which doesn't have uid=0 and is not mapped to root either. I thought
> > > >that maybe it was because the machine account was already in LDAP so I
> > > >booted up another Windows in VMWare and removed it from the domain and
> > > >changed the computer name to one that wasn't already in LDAP and I was
> > > >able to join it with the same username. I'm using the "domain admin
> > > >group" and it seems to be working fine. Running on Samba 2.2.8a btw.
> > > >
> > > >Jean-Rene Cormier
> > > >
> > > >On Fri, 2003-10-31 at 10:37, Thiago Lima wrote:
> > > > > The user MUST be root, if you want to use another user map it to
> root in
> > > > > smbusers.
> > > > >
> > > > >
> > > > > regards.
> > > > > thiago.
> > > > >
> > > > >
> > > > > > I tried to add a computer to a Samba domain using another account
> > > > > > (testuser) than root.
> > > > > > I use LDAP for authentication and added the account
> > > > > > (testuser) with uid=0
> > > > > > in ldap. If I use this account to add an computer to the
> > > > > > domain I get the
> > > > > > error: "Access is denied".
> > > > > >
> > >
> > >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: http://lists.samba.org/mailman/listinfo/samba
> >
>
>
More information about the samba
mailing list