[Samba] Logins require local admin membership on Windows XP

Lee Ball lee at effective-it.co.uk
Tue Jul 5 15:50:31 GMT 2005 

>> Hello,
>>
>> This is my first post to this list so if I break any rules be gentle :)
>>
>> I will try to put in as much detail into this as I can, here I go:
>>
>> We have a domain at work with Samba (samba-3.0.10-1.fc2) as the PDC. 
>> The Linux box is running FC2 as the rpm suggests running on a 
>> 2.6.5-1.358smp kernel.
>>
>> The problems that we exhibit is that unless you have your domain 
>> account made a member of the administrators group on the workstation 
>> for things to work correctly, if your not various things break:
>>
>> Desktop wallpaper displays when logging in then is replaced with a 
>> blue background default desktop
>> Outlook won't run and reports "Outlook cannot start" when trying to 
>> run it (although Thunderbird works)
>> Track-it won't run, it just simply hangs and then ends with Not 
>> responding
>
>
> I've only experienced this during some kind of upgrade.  It's 
> typically the result of trying to load a profile that has a different 
> SID.  Always the best way to do these things (if running XP Pro) is to 
> use the files and settings transfer wizard on client machines, do 
> upgrade and reimport the profile into the user account.  Of course on 
> large networks this is not a good option.
> For larger situations, or if running nt4/w2k you need to keep your 
> SID, and your user SID's.
>
How does making the user a local administrator cure this though?

Also, I thought this could have been something like that so what I did 
was remove all of the domain profiles from the workstation (by right 
clicking My Computer and going through Profiles and deleting them) and 
then I removed the machine from the domain and rejoined it again. This 
didn't solve anything though (as you will gather from me emailing the list).

Its almost as if a domain account doesn't have any rights on the 
machine. For example the My Documents mapping doesn't get done (it 
should remap to H:\ although this isn't in the netlogon script), I can't 
access the clock on the machine either, it complains saying "You do not 
have the proper privilege level to change the System Time".


Thanks for the swift reply,

-- 
Lee Ball
08707 45 87 14
 effective  it.

More information about the samba mailing list