[Samba] Administrator and Samba PDC

Thu Jan 22 10:25:28 GMT 2004

The "Admin Users" option in smb.conf has (AFAIK) been deprecated in Samba 3.0, 
instead you should create a unix group called "ntadmin" or similar and then 
run

"net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmin"

on the *nix box, or man net to learn more about it.

If you are using Samba 2 then the admin users option in smb.conf is the way 
forward, man smb.conf to learn more.

To make a user an administrator on a single workstation, on Windows 2000 go to 
Control Panel > Users and Passwords, then select the user, click 
"Properties", select the "Group Membership" tab and choose "Administrators" 
under Other. If you cant see the user in the list, select "Add" and enter the 
users name and the name of the domain they belong to, then make them a member 
of "Administrators". Note that this only makes them a local admin - to make 
them a domain admin (should you so require) add them to the group on the 
linux box. Windows XP Pro should be the same.

Incidentally, I've still not managed to work out how to do the above on a NT 4 
Workstation box, which is the majority of our workstations here. Does anybody 
have any advice, have I missed something obvious, or is this a new feature in 
Win2k? 

Ta
edd

On Thursday 22 Jan 2004 10:11 am, rruegner wrote:
> Hi,
> using samba 3 you should add
> a User called Administrator
> and a line called
> admin users = root, Administrator
> but i would advice you to use the user root instead of Administrator
> for administration especially if you wanna use usrmgr.
> Best Regards
> ----- Original Message -----
> From: "Robert Brugman" <rbrugman at chartermi.net>
> To: <samba at lists.samba.org>
> Sent: Thursday, January 22, 2004 3:29 AM
> Subject: [Samba] Administrator and Samba PDC
>
> > Hello,
> > I posted yesterday about using samba as a primary domain controller.  I
> > have a couple other issues I need help resolving.
> >
> > I got my profiles copied over, but some things seem different.  For
> > example, Norton Antivirus Corporate doesn't load in the lower right
> > like it does on my local account.  Mainly stuff like that.  The only
> > other issues I am having are with Administrators.  I need to be an
> > administrator on the network, but I'm not sure what I need to do to
> > make myself one.  Also, is it possible to make a user an administrator
> > for just one workstation?  The last issue is with login/logout scripts.
> >   When my user logs in, it executes a batch file that contains calls to
> > change my resolution to 1600x1200.  When I log out, the logoff script
> > tells multires.exe to put it back to 1024x768.  Where would I put this
> > script so that it runs?  Where would I put the logoff script?
> >
> > Thanks SO much in advance!
> >
> > Robert
> > P.S.  Please use the reply-all function of your mail program to reply
> > so it can skip my mail filters and put the much-needed answers right in
> > my mailbox.  Thanks!
> >
> > ~Robert Brugman~
> > This e-mail is X.509 happy ;-)
> > GPG Fingerprint: D710 B8D9 C72A AB56 174F  71AC 3619 9F32 8250 6034
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
Edd Payne
IT Co-ordinator
University of London Union
Malet Street, London WC1E 7HY

tel: 020 7664 2060
fax: 020 7436 4604