[Samba] Problem with Domain Administrator rights in samba 3.0.2
Philip M Grisedale
pmg at anvil.com
Wed Aug 25 11:18:30 GMT 2004
ALL
I have set up Samba to run as a PDC; it's been running great now for over 6
months with no probs. I am looking to add to this by setting up a Domain
Administrator so I can run audits, remote patch updates, reg hacks etc. I
have followed the instructions but I have no domain rights with 'Domain
Admins' but I do have domain rights with 'Admin Users'.
Here's my setup.
Any help would be great.
I set up an administrators group called ntadm,
ntadmin:*:250:pmg,administrator,root
And I have mapped the group to samba...
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Admin Users (S-1-5-21-3967392933-3615524997-2202084585-1501) -> ntadmin
Domain Guests (S-1-5-21-3967392933-3615524997-2202084585-514) -> -1
Domain Admins (S-1-5-21-3967392933-3615524997-2202084585-512) -> ntadmin
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> ntadmin
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-3967392933-3615524997-2202084585-513) -> anvil
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
When I log into the domain as user 'pmg' or 'administrator', the samba log
shows...
administrator logged in as admin user (root privileges)
or
pmg logged in as admin user (root privileges)
But I don't have domain rights, when accessing the user panel I get...
"You must be a member of the Administrators group on this computer to open
user accounts"
If I add 'Admin Users' to the local administrator group on any client PC I have
Domain Administrator rights.
[global]
netbios name = MOTHER
workgroup = ANVIL
passdb backend = smbpasswd
os level = 64
socket options = TCP_NODELAY
preferred master = yes
domain master = yes
local master = yes
log level = 1
security = user
domain logons = yes
logon path = \\MOTHER\profile\%u
logon drive = H:
logon home = \\MOTHER\users\%u
logon script = %u.bat
smb passwd file = /usr/local/samba/private/smbpasswd
unix password sync = true
passwd program = /bin/passwd %u
passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *passwd*successfully*changed*
passwd chat debug = yes
admin users = @ntadmin
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
printing = sysv
printcap name = /etc/printcap
load printers = yes
print command = /usr/ucb/lpr -P%p -r %s
use client driver = yes
preferred master = yes
[netlogon]
path = /vols/NT/netlogon
read only = yes
write list = ntadmin
;share for storing user profiles..
[profile]
path = /vols/users/%U/roaming
read only = no
create mask = 0600
directory mask = 0700
profile acls = yes
[projects]
guest ok = no
read only = no
create mask = 0775
path=/vols/projects
[projectdocs]
guest ok = no
read only = no
path = /vols/projects/management
force create mode = 0775
force directory mode = 0775
[trees]
guest ok = no
read only = no
path=/vols/trees
[trees2]
guest ok = no
read only = no
path=/vols/trees2
[users]
guest ok = no
read only = no
path=/vols/users
[users2]
guest ok = no
read only = no
path=/vols/users2
[reference]
guest ok = no
read only = no
path=/vols/reference
[printers]
comment = All Printers
printable = yes
writable = no
[support]
guest ok = no
read only = no
path=/vols/support
[common]
guest ok = no
read only = no
path=/vols/common
[NT]
guest ok = no
read only = no
path=/vols/NT
[ATE]
guest ok = no
read only = no
path=/home/ate
force user = ate
valid users = @ate
[source]
guest ok = no
read only = no
path=/vols/src
[Virus]
guest ok = no
read only = no
path = /vols/NT/Virus
[EMCO]
guest ok = no
read only = no
path = /vols/NT/EMCO
[demoapps]
guest ok = no
read only = no
path=/vols/demoapps
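
Added example (not part of the original post and not Samba code): a small audit of the group-map listing quoted in the message, which reports every Unix group that is the target of more than one NT group, since the reverse lookup from Unix group to SID is then ambiguous. The function names are hypothetical, and "-1" is assumed to mean that no Unix group is mapped.

```python
import re
from collections import defaultdict

# Group-map listing copied verbatim from the post above.
GROUPMAP = """\
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Admin Users (S-1-5-21-3967392933-3615524997-2202084585-1501) -> ntadmin
Domain Guests (S-1-5-21-3967392933-3615524997-2202084585-514) -> -1
Domain Admins (S-1-5-21-3967392933-3615524997-2202084585-512) -> ntadmin
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> ntadmin
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-3967392933-3615524997-2202084585-513) -> anvil
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
"""
ENTRY = re.compile(r"^(?P<name>.+?) \((?P<sid>S-[\d-]+)\) -> (?P<unix>\S+)$")

def parse_groupmap(text):
    """Return (nt_name, sid, unix_group) tuples; unix_group is None for '-1'."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # skip anything that is not a mapping line
            unix = None if m["unix"] == "-1" else m["unix"]
            entries.append((m["name"], m["sid"], unix))
    return entries

def shared_unix_groups(entries):
    """Unix groups targeted by more than one NT group (ambiguous reverse lookup)."""
    by_unix = defaultdict(list)
    for name, sid, unix in entries:
        if unix is not None:
            by_unix[unix].append((name, sid))
    return {u: nt for u, nt in by_unix.items() if len(nt) > 1}

def scope(sid):
    """BUILTIN alias (S-1-5-32-*) versus any other SID, here the domain's."""
    return "builtin" if sid.startswith("S-1-5-32-") else "domain"

if __name__ == "__main__":
    entries = parse_groupmap(GROUPMAP)
    for unix, nt_groups in shared_unix_groups(entries).items():
        print(f"Unix group {unix!r} is mapped from {len(nt_groups)} NT groups:")
        for name, sid in nt_groups:
            print(f"  {name:<15} RID {sid.rsplit('-', 1)[1]:>4}  ({scope(sid)})")
```

On the listing above it reports ntadmin as the target of Admin Users, Domain Admins and Administrators.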