[Samba] Samba 3 - domain admins (not root)?
Jonathan Baker-Bates TMS
jonathan at themusicsolution.com
Tue Mar 9 13:54:26 GMT 2004
----- Original Message -----
From: "edd payne" <edd at ulu.lon.ac.uk>
To: "Jonathan Baker-Bates TMS" <jonathan at themusicsolution.com>
Cc: <samba at lists.samba.org>
Sent: Tuesday, March 09, 2004 12:40 PM
Subject: Re: [Samba] Samba 3 - domain admins (not root)?
> > However, I still can't get my user "jbb" to be a domain admin. I'm
> > the "smbadmins" group to the NT "Domain Admins" entity like this:
> > net groupmap add ntgroup="Domain Admins" unixgroup=smbadmins
> > and it says it created the mapping successfully, but when I log onto the
> > domain with that account, it doesn't have admin rights. I can see the
> > mapping with:
> > # net groupmap list ntgroup="Domain Admins"
> > Domain Admins (S-1-5-21-3040818230-2349230895-2714690390-3009) ->
> > and in /etc/group I have smbadmins:x:1004:jbb
> > I'm not sure what I'm doing wrong.
> you need to use net groupmap modify rather than net groupmap add. the
> admins group should have an SID (the S- number) ending in 512 if it is the
> real "Domain Admins" group. delete the mapping you put in and then repeat
> net groupmap command but use:
> net groupmap modify ntgroup="Domain Admins" unixgroup=smbadmins
> Then when you do net groupmap list you should get:
> Domain Admins (S-1-5-21-3040818230-2349230895-2714603090-512) -> smbadmins
> and it should work
> you also need to "modify" groups such as Domain Users, Domain Guests,
> Operators etc.
Ahhh. Thanks Edd. That's working fine now. I should have guessed when I did
that net groupmap list thar something wasn't right.
More information about the samba