[Samba] Domain Administrators Not Recognized in Samba3
Travis Groth
lists at netfoo.org
Tue Apr 6 22:24:44 GMT 2004
Uh...yes? root doesn't have a samba account. 'travis' is in the domain
admins group though, which is all you need to join a domain afaik. Take
a look at the ldap chunks and 'net groupmap list' output. It's either
something really stupid or I've uncovered a bug...according to all the
documentation I've seen and examples I've followed, I haven't missed
anything.
--Travis
On Mon, 2004-04-05 at 02:02, Ron Dhillon wrote:
> Travis,
>
> Are you trying to join the domain with this account that is part of the
> Domain Administrators group? By design, Samba only allows the root
> account to join computers to the domain. If you are using the usermap
> function in your smb.conf file, then you can use any name that is aliased
> to the root account.
>
> Ron
>
> Travis Groth wrote:
>
> >Hi,
> >
> >I've been struggling with this for a while now, and I can't figure out
> >what's missing. I have a valid user, who is also a member of the "Domain
> >Admins" group. I can login with smbclient just fine, but administrative
> >rights aren't recognized when I try to join the domain. Group is
> >mapped to the proper SID and a matching POSIX group (just in case).
> >Backend is ldapsam. Here are the relevant chunks from ldap:
> >
> >dn: sambaDomainName=**********,dc=*****,dc=***
> >sambaDomainName: **********
> >sambaSID: S-1-5-21-2608521594-2523984132-290594028
> >sambaAlgorithmicRidBase: 1000
> >objectClass: sambaDomain
> >
> >dn: cn=Domain Admins,ou=groups,dc=******,dc=***
> >objectClass: posixGroup
> >objectClass: sambaGroupMapping
> >cn: Domain Admins
> >gidNumber: 1003
> >sambaSID: S-1-5-21-2608521594-2523984132-290594028-512
> >sambaGroupType: 2
> >memberUid: travis
> >
> >dn: uid=travis,ou=users,dc=******,dc=***
> >objectClass: top
> >objectClass: inetOrgPerson
> >objectClass: posixAccount
> >objectClass: shadowAccount
> >objectClass: sambaSAMAccount
> >cn: travis
> >sn: travis
> >uid: travis
> >uidNumber: 1002
> >gidNumber: 1003
> >homeDirectory: /home/travis
> >loginShell: /bin/bash
> >gecos: System User
> >description: System User
> >sambaLogonTime: 0
> >sambaLogoffTime: 2147483647
> >sambaKickoffTime: 2147483647
> >sambaPwdCanChange: 0
> >sambaPwdMustChange: 2147483647
> >displayName: System User
> >sambaAcctFlags: [UX]
> >sambaSID: S-1-5-21-2608521594-2523984132-290594028-3004
> >sambaPrimaryGroupSID: S-1-5-21-2608521594-2523984132-290594028-512
> >sambaHomeDrive: H:
> >sambaLogonScript: travis.cmd
> >sambaLMPassword: ********************************
> >sambaPwdLastSet: 1081021518
> >sambaNTPassword: ********************************
> >
> >------------------------
> >
> >output of 'net groupmap list':
> >
> >Domain Users (S-1-5-21-2608521594-2523984132-290594028-513) -> Domain
> >Users
> >Domain Admins (S-1-5-21-2608521594-2523984132-290594028-512) -> Domain
> >Admins
> >Domain Guests (S-1-5-21-2608521594-2523984132-290594028-514) -> Domain
> >Guests
> >
> >------------------------
> >
> >output of 'net join -d 2 -U travis *******':
> >
> >[2004/04/03 15:26:50, 0] param/loadparm.c:map_parameter(2418)
> > Unknown parameter encountered: "domain admin group"
> >[2004/04/03 15:26:50, 0] param/loadparm.c:lp_do_parameter(3056)
> > Ignoring unknown parameter "domain admin group"
> >[2004/04/03 15:26:50, 2] lib/interface.c:add_interface(79)
> > added interface ip=192.168.0.4 bcast=192.168.0.255 nmask=255.255.255.0
> >travis password:
> >[2004/04/03 15:26:52, 2] libsmb/namequery.c:name_query(484)
> > Got a positive name query response from 127.0.0.1 ( 192.168.0.4 )
> >[2004/04/03 15:26:52, 1] utils/net_ads.c:ads_startup(181)
> > ads_connect: Connection refused
> >[2004/04/03 15:26:52, 2] libsmb/namequery.c:name_query(484)
> > Got a positive name query response from 127.0.0.1 ( 192.168.0.4 )
> >[2004/04/03 15:26:52, 1] utils/net_rpc.c:run_rpc_command(138)
> > rpc command function failed! (NT_STATUS_ACCESS_DENIED)
> >Create of workstation account failed
> >User specified does not have administrator privileges
> >Unable to join domain ************.
> >[2004/04/03 15:26:53, 2] utils/net.c:main(767)
> > return code = 1
> >
> >------------------------
> >smb.conf:
> >
> >passdb backend = ldapsam:ldap://**********
> >ldap suffix = dc=*******,dc=***
> >ldap machine suffix = ou=computers
> >ldap user suffix = ou=users
> >ldap admin dn = "cn=admin,dc=netfoo,dc=org"
> >ldap ssl = no
> >
> >ldap delete dn = no
> > workgroup = **********
> >netbios name = *******
> >comment = ldap samba test server
> >security = user
> >null passwords = yes
> >encrypt passwords = yes
> > domain master = yes
> >domain logons = yes
> >preferred master = yes
> >os level = 255
> >
> >wins support = yes
> >
> >public = No
> >browseable = yes
> >writable = yes
> >
> >------------------------
> >
> >
> >If anyone sees what I'm missing, it would be greatly appreciated.
> >
> >Thanks
> >
> >--Travis Groth
> >
> >
> >
>
>
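The consistency checks described in the thread (a group mapped to the domain SID plus RID 512, and the user listed as its member), as an added example that is not part of the original messages or of Samba's own code. The LDIF sample is constructed from the attribute layout in the post with placeholder DNs, and the function names are hypothetical. An empty result only shows the mapping is consistent; whether a non-root account may join is the separate point raised in Ron's reply.

```python
DOMAIN_ADMINS_RID = "512"  # well-known RID of the Domain Admins group

# Constructed sample: placeholder DNs, SID layout as in the post.
SAMPLE_LDIF = """\
dn: sambaDomainName=EXAMPLE,dc=example,dc=test
sambaSID: S-1-5-21-2608521594-2523984132-290594028
objectClass: sambaDomain

dn: cn=Domain Admins,ou=groups,dc=example,dc=test
objectClass: sambaGroupMapping
cn: Domain Admins
sambaSID: S-1-5-21-2608521594-2523984132-290594028-512
memberUid: travis

dn: uid=travis,ou=users,dc=example,dc=test
objectClass: sambaSAMAccount
uid: travis
"""

def parse_ldif(text):
    """Split LDIF text into entries: dicts of attribute -> list of values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                entry.setdefault(key.strip(), []).append(value.strip())
        entries.append(entry)
    return entries

def check_domain_admin(text, uid):
    """Return a list of problems; empty means the mapping is consistent."""
    entries = parse_ldif(text)
    def of_class(name):
        return [e for e in entries if name in e.get("objectClass", [])]
    domains = of_class("sambaDomain")
    if not domains:
        return ["no sambaDomain entry"]
    # Expected group SID is the domain SID followed by the Domain Admins RID.
    want = domains[0]["sambaSID"][0] + "-" + DOMAIN_ADMINS_RID
    admins = [g for g in of_class("sambaGroupMapping") if want in g.get("sambaSID", [])]
    if not admins:
        return ["no group mapped to " + want]
    problems = []
    if uid not in admins[0].get("memberUid", []):
        problems.append(uid + " is not listed as memberUid")
    users = [u for u in of_class("sambaSAMAccount") if uid in u.get("uid", [])]
    if not users:
        problems.append("no sambaSAMAccount entry for " + uid)
    return problems
```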