[Samba] No full administrator-permissions on local machines with samba 3 domain login

Andrew Bartlett abartlet at samba.org
Wed Mar 10 21:11:49 GMT 2004

On Thu, 2004-03-11 at 01:27, RRuegner wrote:
> Beast schrieb:
> > * Joern Frenzel <frenzel at wave-computer.de> nulis:
> > 
> > 
> >>additonaly to my question. we can not add or change usres in the domain if 
> >>we're loged in on a client (as domainadmin sure). and thats wht we want to 
> >>do :-(
> > 
> > 
> > 
> > What is pdbedit -Lv administrator says? esp. on primary group SID
> > 
> > 
> > --beast
> > 
> Hi,
> i found the same Problem: group Administrators in win normally should be 
> a part of Domain admins, so every member of domain admins should be in 
> Administrators automaticly too, but i think this cant be done in unix

Correct. But that is being worked on.  However, your implication is
incorrect.  It is the windows client that expands the groups, so if you
are correctly a 'domain admin', then you automatically become part of
the 'local administrators'.

Make sure your group mapping is really correct.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040311/291082bc/attachment.bin

More information about the samba mailing list