[Samba] Domain Administrators Not Recognized in Samba3
Travis Groth
travis at netfoo.org
Sat Apr 3 20:32:26 GMT 2004
Hi,
I've been struggling with this for a while now, and I can't figure out
what's missing. I have a valid user, who is also a member of the "Domain
Admins" group. I can log in with smbclient just fine, but administrative
rights aren't recognized when I try to join the domain. The group is
mapped to the proper SID and a matching POSIX group (just in case).
The backend is ldapsam. Here are the relevant chunks from LDAP:

dn: sambaDomainName=**********,dc=*****,dc=***
sambaDomainName: **********
sambaSID: S-1-5-21-2608521594-2523984132-290594028
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain

dn: cn=Domain Admins,ou=groups,dc=******,dc=***
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Domain Admins
gidNumber: 1003
sambaSID: S-1-5-21-2608521594-2523984132-290594028-512
sambaGroupType: 2
memberUid: travis

dn: uid=travis,ou=users,dc=******,dc=***
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSAMAccount
cn: travis
sn: travis
uid: travis
uidNumber: 1002
gidNumber: 1003
homeDirectory: /home/travis
loginShell: /bin/bash
gecos: System User
description: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
displayName: System User
sambaAcctFlags: [UX]
sambaSID: S-1-5-21-2608521594-2523984132-290594028-3004
sambaPrimaryGroupSID: S-1-5-21-2608521594-2523984132-290594028-512
sambaHomeDrive: H:
sambaLogonScript: travis.cmd
sambaLMPassword: ********************************
sambaPwdLastSet: 1081021518
sambaNTPassword: ********************************
------------------------
output of 'net groupmap list':
Domain Users (S-1-5-21-2608521594-2523984132-290594028-513) -> Domain Users
Domain Admins (S-1-5-21-2608521594-2523984132-290594028-512) -> Domain Admins
Domain Guests (S-1-5-21-2608521594-2523984132-290594028-514) -> Domain Guests
------------------------
output of 'net join -d 2 -U travis *******':
[2004/04/03 15:26:50, 0] param/loadparm.c:map_parameter(2418)
Unknown parameter encountered: "domain admin group"
[2004/04/03 15:26:50, 0] param/loadparm.c:lp_do_parameter(3056)
Ignoring unknown parameter "domain admin group"
[2004/04/03 15:26:50, 2] lib/interface.c:add_interface(79)
added interface ip=192.168.0.4 bcast=192.168.0.255 nmask=255.255.255.0
travis password:
[2004/04/03 15:26:52, 2] libsmb/namequery.c:name_query(484)
Got a positive name query response from 127.0.0.1 ( 192.168.0.4 )
[2004/04/03 15:26:52, 1] utils/net_ads.c:ads_startup(181)
ads_connect: Connection refused
[2004/04/03 15:26:52, 2] libsmb/namequery.c:name_query(484)
Got a positive name query response from 127.0.0.1 ( 192.168.0.4 )
[2004/04/03 15:26:52, 1] utils/net_rpc.c:run_rpc_command(138)
rpc command function failed! (NT_STATUS_ACCESS_DENIED)
Create of workstation account failed
User specified does not have administrator privileges
Unable to join domain ************.
[2004/04/03 15:26:53, 2] utils/net.c:main(767)
return code = 1
------------------------
smb.conf:
passdb backend = ldapsam:ldap://**********
ldap suffix = dc=*******,dc=***
ldap machine suffix = ou=computers
ldap user suffix = ou=users
ldap admin dn = "cn=admin,dc=netfoo,dc=org"
ldap ssl = no
ldap delete dn = no
workgroup = **********
netbios name = *******
comment = ldap samba test server
security = user
null passwords = yes
encrypt passwords = yes
domain master = yes
domain logons = yes
preferred master = yes
os level = 255
wins support = yes
public = No
browseable = yes
writable = yes
------------------------
If anyone sees what I'm missing, it would be greatly appreciated.
Thanks
--Travis Groth
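
The relationships the post relies on (a group mapped to the domain SID plus RID 512, and the user a member of the matching POSIX group) can be cross-checked mechanically from an LDIF dump. The following is an added example, not part of the original post or of Samba: the function names are hypothetical, the DNs are constructed placeholders, and the parser handles only simple LDIF without folded or base64 lines. It checks directory data only and says nothing about why the join returns NT_STATUS_ACCESS_DENIED.

```python
# Constructed sample: DNs are placeholders; SIDs and values are those quoted in the post.
SAMPLE_LDIF = """\
dn: sambaDomainName=EXAMPLE,dc=example,dc=org
objectClass: sambaDomain
sambaSID: S-1-5-21-2608521594-2523984132-290594028

dn: cn=Domain Admins,ou=groups,dc=example,dc=org
objectClass: sambaGroupMapping
gidNumber: 1003
sambaSID: S-1-5-21-2608521594-2523984132-290594028-512
memberUid: travis

dn: uid=travis,ou=users,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSAMAccount
uid: travis
gidNumber: 1003
sambaSID: S-1-5-21-2608521594-2523984132-290594028-3004
sambaPrimaryGroupSID: S-1-5-21-2608521594-2523984132-290594028-512
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded or base64 lines) into attr -> [values] dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr, []).append(value)
        entries.append(entry)
    return entries

def check_domain_admin(entries, uid):
    """Return inconsistencies between the domain, Domain Admins and user entries."""
    pick = lambda cls: [e for e in entries if cls in e.get("objectClass", [])]
    domain_sid = pick("sambaDomain")[0]["sambaSID"][0]
    admins_sid = domain_sid + "-512"  # 512 is the well-known Domain Admins RID
    group = next((g for g in pick("sambaGroupMapping") if g.get("sambaSID") == [admins_sid]), None)
    user = next((u for u in pick("sambaSAMAccount") if u.get("uid") == [uid]), None)
    if group is None:
        return ["no group mapped to " + admins_sid]
    if user is None:
        return ["no sambaSAMAccount entry for " + uid]
    problems = []
    if not user["sambaSID"][0].startswith(domain_sid + "-"):
        problems.append("user SID is outside the domain SID")
    if uid not in group.get("memberUid", []) and user["gidNumber"] != group["gidNumber"]:
        problems.append("user is not a POSIX member of the mapped group")
    return problems
```

Calling `check_domain_admin(parse_ldif(SAMPLE_LDIF), "travis")` returns an empty list when the entries are mutually consistent.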