[Samba] domain admin

Antoine Jacoutot ajacoutot at lphp.org
Mon Sep 15 10:31:08 GMT 2003

Hi!

I'm desperately looking for an answer here...
I've been fighting all weekend with samba-3.0 and there's still 
something I can't do...
Basically: how can I add some of my users to the Domain admin group?

I use FreeBSD-5.1+samba3.0RC3.
My group maps:
Admins du domaine (S-1-5-21-xxxx-512) -> domainadmins
Utilisa. du domaine (S-1-5-21-xxxx-513) -> domainusers
Invites du domaine (S-1-5-21-xxxx-514) -> domainguests
Ordinateurs du domaine (S-1-5-21-xxxx-515) -> domaincomputers

All my users' sambaPrimaryGroupSID are set to 513. Now, I added some 
users to the "domainadmins" group (with the memberUid attribute in LDAP) 
but they do not get admin privileges on NT workstations...
What am I missing here?
I also added "@domainadmins" to the "user admins" parameter in smb.conf, 
but it does not work.

Any tips would be really appreciated :)


Here is an LDIF file export of one of my users and the domainadmins group:

dn: uid=ajacoutot, ou=utilisateurs, dc=dioranews,dc=com
sambaLMPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sambaPrimaryGroupSID: S-1-5-21-xxxxxxxxxxxxxxxxxxxxxxxxxxxx-513
displayName: Antoine Jacoutot
sambaLogonScript: user.bat
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
userPassword:: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sambaHomeDrive: Z:
uid: ajacoutot
uidNumber: 10000
cn: ajacoutot
sambaPwdLastSet: 1063621091
sambaAcctFlags: [U          ]
loginShell: /bin/csh
sambaProfilePath: \\TESTBOX\ajacoutot\profile
gidNumber: 513
sambaPwdMustChange: 1065435491
sambaNTPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sambaPwdCanChange: 1063621091
gecos: Antoine Jacoutot
sambaSID: S-1-5-21-xxxxxxxxxxxxxxxxxxxxxxxx-21000
description: Utilisateur Dioranews
homeDirectory: /exports/home/ajacoutot
sambaHomePath: \\TESTBOX\ajacoutot

dn: cn=domainadmins, ou=groupes, dc=dioranews,dc=com
sambaSID: S-1-5-21-xxxxxxxxxxxxxxxxxxxxxxxx-512
gidNumber: 512
displayName: Admins du domaine
sambaGroupType: 2
memberUid: ajacoutot
objectClass: posixGroup
objectClass: top
objectClass: sambaGroupMapping
cn: domainadmins
