[Samba] Cannot get DOMAIN ADMINS to work

Heinrich Rebehn rebehn at ant.uni-bremen.de
Fri Dec 10 13:54:48 GMT 2004 

Hi list,

After reading a lot in the mailing list and the official Samba 3 howto, 
i am still unable to give domain admin rights to a user, so that he gets 
admin rights on all workstations in the domain.

Here is what i have:

- Samba 3.08 PDC, config:

[global]
    workgroup = ANT
    netbios name = ANTSRV
    netbios aliases       = RUN KITS HOMES LIB PRINTERS
    server string = ANT Samba Server %v

    printcap name = /etc/samba/smbprintcap
    load printers = yes
    printing = lprng
    printer admin = @adm

    log file = /var/log/samba/log.%m
    max log size = 50

    map to guest = bad user
    security = user
    encrypt passwords = yes
    smb passwd file = /etc/samba/private/smbpasswd

    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    local master = yes
    os level = 33
    domain master = yes
    preferred master = yes
    domain logons = yes
    logon path = \\%L\Profiles\%U

<shares removed>

- Client: Vanilla Windows XP professional, SP2, domain member, no 
special registry settings

- Groups:

root at antsrv2 [~] # net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> ntadmin
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-4008939791-1949703945-886196202-513) -> wiss
Domain Admins (S-1-5-21-4008939791-1949703945-886196202-512) -> ntadmin
Backup Operators (S-1-5-32-551) -> -1
Domain Guests (S-1-5-21-4008939791-1949703945-886196202-514) -> nogroup
Users (S-1-5-32-545) -> wiss

root at antsrv2 [~] # getent group ntadmin
ntadmin:x:1060:rebehn

This should be enough to give user rebehn admin rights on all 
workstaions in the domain, right?

But it does not work. When i try to partition disks on a workstation, i 
get a message saying that i do not have the nessecary rights.

Questions:
- Did i miss something obvious?
- How can i debug on server/client side ?

Thanks for any help.

PS: winbindd is not running. Do i need it?
-- 

Heinrich Rebehn

University of Bremen
Physics / Electrical and Electronics Engineering
- Department of Telecommunications -

Phone : +49/421/218-4664
Fax   :            -3341

More information about the samba mailing list