[Samba] Samba 3 - domain admins (not root)?

Jonathan Baker-Bates TMS jonathan at themusicsolution.com
Tue Mar 9 13:54:26 GMT 2004


----- Original Message ----- 
From: "edd payne" <edd at ulu.lon.ac.uk>
To: "Jonathan Baker-Bates TMS" <jonathan at themusicsolution.com>
Cc: <samba at lists.samba.org>
Sent: Tuesday, March 09, 2004 12:40 PM
Subject: Re: [Samba] Samba 3 - domain admins (not root)?
<snip>
> >
> > However, I still can't get my user "jbb" to be a domain admin. I'm
mapping
> > the "smbadmins" group to the NT "Domain Admins" entity like this:
> >
> > net groupmap add ntgroup="Domain Admins" unixgroup=smbadmins
> >
> > and it says it created the mapping successfully, but when I log onto the
> > domain with that account, it doesn't have admin rights. I can see the
> > mapping with:
> >
> > # net groupmap list ntgroup="Domain Admins"
> > Domain Admins (S-1-5-21-3040818230-2349230895-2714690390-3009) ->
smbadmins
> >
> > and in /etc/group I have smbadmins:x:1004:jbb
> >
> > I'm not sure what I'm doing wrong.
>
> you need to use net groupmap modify rather than net groupmap add. the
domain
> admins group should have an SID (the S- number) ending in 512 if it is the
> real "Domain Admins" group. delete the mapping you put in and then repeat
the
> net groupmap command but use:
>
> net groupmap modify ntgroup="Domain Admins" unixgroup=smbadmins
>
> Then when you do net groupmap list you should get:
>
> Domain Admins (S-1-5-21-3040818230-2349230895-2714603090-512) -> smbadmins
>
> and it should work
>
> you also need to "modify" groups such as Domain Users, Domain Guests,
Backup
> Operators etc.
>
> edd
>

Ahhh. Thanks Edd. That's working fine now. I should have guessed when I did
that net groupmap list thar something wasn't right.

Jonathan




More information about the samba mailing list