[Samba] Re: adding computer in domain with user other than root

Jean-Rene Cormier jean-rene.cormier at cipanb.ca
Mon Nov 3 11:53:24 GMT 2003


On Mon, 2003-11-03 at 01:20, Robert wrote:
> I have done this successfully with samba 2.2.8a and an LDAP backend with
> openldap.  I had difficulty with the regular smbpasswd file in that I was
> unable to join.  I haven't tried the regular smbpasswd backend in a while
> because I made the switch to ldap.  Is there anything special I need to do
> with the plain old smbpasswd backend.

I haven't used the old smbpasswd backend in a pretty long time either so
I wouldn't know...

> Have you done the same with samba 3?  I'm looking for the equivalent for
> samba 3.  I created a group called domain-admins, and mapped it with the net
> groupmap add command.  The ntgroup name is "Domain Admins" and I manually
> set the rid to 512.  If I add users to the group, but join the domain with
> the root account added via smbpasswd, the members of the group are
> recognized as domain admins.  I still can't join the domain with an account
> from that group.

I haven't played much with Samba 3 yet, but I'll be installing it when
I'll have some time to do so.

Jean-Rene Cormier

> Please help.
> Bob.
> 
> 
> 
> "Jean-Rene Cormier" <jean-rene.cormier at cipanb.ca> wrote in message
> news:1067615487.1995.27.camel at forbidden.cipanb.ca...
> > My smb.conf is pretty basic, I don't see anything else other than the
> > domain admin group that would change that behaviour.
> >
> > Here's part of my smb.conf:
> >
> > [global]
> >         workgroup = DOMAIN
> >         netbios name = SERVER
> >         server string = SERVER
> >         interfaces = 192.168.0.2 127.0.0.1
> >         bind interfaces only = Yes
> >         encrypt passwords = Yes
> >         passwd program = /usr/bin/passwd %u
> >         username map = /etc/samba/private/usermap
> >         unix password sync = Yes
> >         log file = /var/log/samba/%m
> >         socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
> >
> >         name resolve order = wins bcast hosts
> >         domain admin group = root, admina, adminb
> >         logon path = \\%N\profiles\%u
> >         logon drive = I:
> >         domain logons = Yes
> >         os level = 35
> >         preferred master = Yes
> >         local master = Yes
> >         domain master = Yes
> >         wins support = Yes
> >
> ldap server = 127.0.0.1
> >         ldap port = 389
> >         ldap suffix = "dc=domain,dc=com"
> >         ldap admin dn = "uid=smbadmin,ou=People,dc=domain,dc=com"
> >         ldap ssl = Yes
> >
> > Jean-Rene Cormier
> >
> > On Fri, 2003-10-31 at 11:36, werner maes wrote:
> > > I'm glad it works for you :-)
> > > can you give some configuration details of smb.conf?
> > >
> > > I have: domain admin group = root ldaptest.
> > >
> > > Werner
> > >
> > > At 11:27 31/10/2003, Jean-Rene Cormier wrote:
> > > >I just reformatted a computer and I joined it with my regular username
> > > >which doesn't have uid=0 and is not mapped to root either. I thought
> > > >that maybe it was because the machine account was already in LDAP so I
> > > >booted up another Windows in VMWare and removed it from the domain and
> > > >changed the computer name to one that wasn't already in LDAP and I was
> > > >able to join it with the same username. I'm using the "domain admin
> > > >group" and it seems to be working fine. Running on Samba 2.2.8a btw.
> > > >
> > > >Jean-Rene Cormier
> > > >
> > > >On Fri, 2003-10-31 at 10:37, Thiago Lima wrote:
> > > > > The user MUST be root, if you want to use another user map it to
> root in
> > > > > smbusers.
> > > > >
> > > > >
> > > > > regards.
> > > > > thiago.
> > > > >
> > > > >
> > > > > > I tried to add a computer to a Samba domain using another account
> > > > > > (testuser) than root.
> > > > > > I use LDAP for authentication and added the account
> > > > > > (testuser) with uid=0
> > > > > > in ldap. If I use this account to add an computer to the
> > > > > > domain I get the
> > > > > > error: "Access is denied".
> > > > > >
> > >
> > >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
> 
> 




More information about the samba mailing list