[Samba] how can I be a domain admin in 3.0RC3 ?
John H Terpstra
jht at samba.org
Thu Sep 11 17:22:48 GMT 2003
On Thu, 11 Sep 2003, Antoine Jacoutot wrote:
> Hi !
>
> I'm using samba-3.0RC3 as a PDC (for testing).
> I'm using the ldap backend.
> I created 1 user, 1 computer and some groups.
>
> I mapped the unix groups domainadmins to "Domain admins" with
> my_personnal_sid-512.
> I added my user to domainadmins.
> I set "admin users = @domainadmins" in my smb.conf, but I still do not
> have domain admin rights on workstations :(
That's correct. The parameter "admin users" has been deprecated from
Samba-3. You need to add you user to the UNIX domadmins group, then map
the UNIX domadmins group to the NT "Domain Admins" group using:
net groupmap modify ntgroup="Domain Admins" unixgroup=domadmins
Then on each Windows workstation you need to make the "Samba_Domain\Domain
Admins" group a member of the Local Group called "Adminsitrators" while
logged on as the Workstation Administrator.
>
> Any idea about what I did wrong ?
Hope that helps!
- John T.
--
John H Terpstra
Email: jht at samba.org
More information about the samba
mailing list