[Samba] domain admin issue

Trey Nolen tnolen at internetpro.net
Fri Jul 30 15:06:29 GMT 2004


I have a new Debian testing machine running the Debian Samba 3.0.5.
Everything seems OK except that I cannot get users to have domain admin
rights.  I have Windows XP workstations. The workstations join and log
onto the domain fine.

A "net groupmap list" yields:

server:/home/tnolen# net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Users (S-1-5-21-3876029557-4061927837-2224609541-513) -> users
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> domadm
Domain Admins (S-1-5-21-3876029557-4061927837-2224609541-512) -> domadm
Account Operators (S-1-5-32-548) -> -1
Domain Guests (S-1-5-21-3876029557-4061927837-2224609541-514) -> nogroup
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

My user, for example, is in the domadm group:
server:/home/tnolen# groups tnolen
tnolen : users domadm

I have tried several combinations of group mappings but all yield the
same result. Basically, the user is just a regular user.

When the workstations join the domain, the Domain Admins group DOES get
added to the local Administrators group as it should.
I've checked Debian's website to see if this is a known bug with their
version of Samba, but there is no mention of it.

Relevant parts of smb.conf:
[global]
        workgroup = SRB
        server string = %h server
        interfaces = 192.168.1.254/24
        bind interfaces only = Yes
        passdb backend = smbpasswd, guest
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
        unix password sync = Yes
        syslog = 0
        max log size = 1000
        name resolve order = wins lmhosts host bcast
        socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
        add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
        add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
        logon script = startup.bat
        logon path =
        logon home =
        domain logons = Yes
        os level = 60
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        wins support = Yes
        panic action = /usr/share/samba/panic-action %d
        hosts allow = 192.168.1.
        use client driver = Yes

[netlogon]
        path = /etc/samba/netlogon
        browseable = No

[shared]
        comment = Shared files
        path = /home/shared
        read only = No
        force create mode = 0777
        force directory mode = 0777


Any help would be greatly appreciated.


Trey Nolen
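
Added example, not part of the original post: a small audit of "net groupmap list" output in the format quoted above, reporting which Unix groups back the privileged NT groups (BUILTIN Administrators, Domain Admins) and which NT groups are unmapped. The sample input is constructed (placeholder domain SID), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Line format as quoted in the post: "NT name (SID) -> unix group"; -1 = unmapped.
LINE_RE = re.compile(r"^(?P<name>.+?) \((?P<sid>S-1-[0-9-]+)\) -> (?P<unix>\S+)$")

BUILTIN_ADMINS = "S-1-5-32-544"   # well-known BUILTIN\Administrators SID
DOMAIN_ADMINS_RID = "512"         # well-known Domain Admins RID

# Constructed sample; the domain SID is a placeholder, not the one in the post.
SAMPLE = """\
System Operators (S-1-5-32-549) -> -1
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> users
Administrators (S-1-5-32-544) -> domadm
Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> domadm
Domain Guests (S-1-5-21-1111111111-2222222222-3333333333-514) -> nogroup
"""

def parse_groupmap(text):
    """Return (nt_name, sid, unix_group or None) for each mapping line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            unix = None if m["unix"] == "-1" else m["unix"]
            entries.append((m["name"], m["sid"], unix))
    return entries

def is_privileged(sid):
    """True for BUILTIN\\Administrators or a domain SID ending in RID 512."""
    return sid == BUILTIN_ADMINS or (
        sid.startswith("S-1-5-21-") and sid.rsplit("-", 1)[1] == DOMAIN_ADMINS_RID)

def audit(entries):
    """Map each Unix group to the privileged NT groups it backs; list unmapped."""
    privileged, unmapped = defaultdict(list), []
    for name, sid, unix in entries:
        if unix is None:
            unmapped.append(name)
        elif is_privileged(sid):
            privileged[unix].append(name)
    return dict(privileged), unmapped

if __name__ == "__main__":
    priv, unmapped = audit(parse_groupmap(SAMPLE))
    for unix, names in priv.items():
        print(f"unix group {unix!r} backs: {', '.join(names)}")
    print("unmapped NT groups:", ", ".join(unmapped))
```

Membership of any Unix group reported here is what confers the mapped Windows admin group, so that group's member list is the one to review.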



