[Samba] domain admin group does not have root privileges on windows 2000 or xp machines

nomine ignoto techelles at yahoo.com
Tue Sep 28 22:51:36 GMT 2004 

I recently upgraded to samba 3 (running on FreeBSD 4.10).  I quickly discovered the lack of the
domain admins setting from samba 2, and found documentation directing me to use net groupmap.  So
I've got the domain admins group set to include @wheel:

olympus# net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Users (S-1-5-21-1328167348-507421394-93929189-513) -> domuser
Power Users (S-1-5-32-547) -> -1
Domain Guests (S-1-5-21-1328167348-507421394-93929189-514) -> domguest
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> wheel
Account Operators (S-1-5-32-548) -> -1
Domain Admins (S-1-5-21-1328167348-507421394-93929189-512) -> wheel
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

All the windows boxes in my domain still have their default administrative shares
(//super1337/c$), and all of them have the domain admin group set to belong to the admin group
(all this is the default).  However, when I attempt to connect via smblcient:

oh, never mind.  it works now.

but wait... alright, one of the three users in the wheel works.  the other two still get:

olympus# smbclient -U danh //gandolf/c$ 
Password: 
Domain=[EBCRP] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
tree connect failed: NT_STATUS_ACCESS_DENIED

this is what I was getting for the one user all day until I went to get the example for this
message.  now it is working and the other two still aren't.  what the bloody hell is going on
here?  

oh, you know what?  if the group is wheel, it doesn't work, but if I put the same users in another
group, then it works.  except for one machine which is being retarded and we don't know why.

the moral of the story?

wheel  + domain admin group in samba don't seem to get along. 

if anyone can explain this behavior, please feel free, otherwise this post turned from a question
into an answer.  kind of.



		
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com

More information about the samba mailing list