[Samba] Samba 3.0, Windows 2k/XP and usrmgr.exe
j.niven at fnics.co.uk
Sat Oct 2 17:18:21 GMT 2004
Regarding this problem,
I have solved the mystery by adding:
admin users = root @domadm
in the [global] section of my smb.conf. Domain admins can now happily add,
modify and delete users through user manager.
As usual with these things - a 10 second solution to a problem that has
bemused me for hours!!
> James Niven schrieb:
> > Hi there
> > I've just finished setting my first Samba PDC for 120ish users
> and so far so
> > good, although its only been live for 2 days!!
> > One problem I've come across (actually I had loads but the HOW-TO, Samba
> > archive and google solved most of them) is with usrmgr. There is one XP
> > client that I have installed the NT 4 Server Tools software on for the
> > school IT coordinator (note the phrase 'coordinator', not
> exactly a guru or
> > sysadmin) to use to tidy up user names, passwords etc. We are
> both set up
> > as Domain Admins and have our primary LINUX GID set to 0 (root)
> but neither
> > of us can log in and use the USRMGR.EXE program, it will connect but we
> > can't view, add or delete etc.
> > If I log onto the XP box as root it all works fine, users can be added,
> > deleted, amended etc and of course I could get her to do this or use the
> > server console, su as root and use pdbedit (Yeah, Right!). I've been
> > pulling my already unsubstantial hair out over this all evening
> and had I
> > invested in the Google IPO I'd be a very rich man by now. I've
> spent the
> > evening checking net groupmap list, the unix user list, trying
> to get usrmgr
> > to allow me to tell it who has permissions to add users to the
> domain (comes
> > up with an error about local admins not being able to log in locally),
> > adding domain admins to the local admin group, removing users from the
> > domain admin group and adding them again and generally smoking a lot of
> > cigarettes.
> > So, could someone confirm that usrmgr can only be used fully when logged
> > into a 2k/XP machine as root and that there is no functionality for the
> > domain admin group to do this?
> > On the brightside I successfully migrated from a smbpasswd
> backend to tdbsam
> > tonight so life isn't all that bad!!
> > Many Thanks
> > James Niven
> > ps its my first time so I'm sorry if this has been covered ad nauseam
> > already.
More information about the samba