[Samba] Samba 3.0, Windows 2k/XP and usrmgr.exe

James Niven j.niven at fnics.co.uk
Sat Oct 2 17:18:21 GMT 2004 

Regarding this problem,

I have solved the mystery by adding:

admin users = root @domadm

in the [global] section of my smb.conf.  Domain admins can now happily add,
modify and delete users through user manager.

As usual with these things - a 10 second solution to a problem that has
bemused me for hours!!

James Niven


> James Niven schrieb:
> > Hi there
> >
> > I've just finished setting my first Samba PDC for 120ish users
> and so far so
> > good, although its only been live for 2 days!!
> >
> > One problem I've come across (actually I had loads but the HOW-TO, Samba
> > archive and google solved most of them) is with usrmgr.  There is one XP
> > client that I have installed the NT 4 Server Tools software on for the
> > school IT coordinator (note the phrase 'coordinator', not
> exactly a guru or
> > sysadmin) to use to tidy up user names, passwords etc.  We are
> both set up
> > as Domain Admins and have our primary LINUX GID set to 0 (root)
> but neither
> > of us can log in and use the USRMGR.EXE program, it will connect but we
> > can't view, add or delete etc.
> >
> > If I log onto the XP box as root it all works fine, users can be added,
> > deleted, amended etc and of course I could get her to do this or use the
> > server console, su as root and use pdbedit (Yeah, Right!).  I've been
> > pulling my already unsubstantial hair out over this all evening
> and had I
> > invested in the Google IPO I'd be a very rich man by now.  I've
> spent the
> > evening checking net groupmap list, the unix user list, trying
> to get usrmgr
> > to allow me to tell it who has permissions to add users to the
> domain (comes
> > up with an error about local admins not being able to log in locally),
> > adding domain admins to the local admin group, removing users from the
> > domain admin group and adding them again and generally smoking a lot of
> > cigarettes.
> >
> > So, could someone confirm that usrmgr can only be used fully when logged
> > into a 2k/XP machine as root and that there is no functionality for the
> > domain admin group to do this?
> >
> > On the brightside I successfully migrated from a smbpasswd
> backend to tdbsam
> > tonight so life isn't all that bad!!
> >
> > Many Thanks
> >
> > James Niven
> >
> > ps  its my first time so I'm sorry if this has been covered ad nauseam
> > already.
> >

More information about the samba mailing list