[Samba] can't open/create local group with usrmgr

Wed Oct 26 11:55:31 GMT 2005

Still trying..., so...

I made user [Domain]\Administrator, I run usrmgr as it, when I open a local 
group, usrmgr shows message:
The specified local group does not exist.

And the log still says:

[2005/10/26 18:42:48, 0] lib/smbldap.c:smbldap_open(822)
  smbldap_open: cannot access LDAP when not root..
[2005/10/26 18:42:48, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1972)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 
(Time limit exceeded)

Yes, Administrator's group is "Domain Admins" and I set all the privs to it, 
but I don't set the privs to Administrator, should I do it? IMO, it still 
will not work, cause when I applied all privs to a user, it failed.

Why I made user Administrator, cause it's noticed on the doc to create a 
user that will manage the domain besides user root or even not to use user 
root. The user root will be removed as soon as poosible.

TiA,
yaya

----- Original Message ----- 
From: "yaya" <MaceWinX at HotPOP.com>
To: <samba at lists.samba.org>
Sent: Wednesday, October 26, 2005 3:59 PM
Subject: Re: [Samba] can't open/create local group with usrmgr

> Yes, I 'enable privileges = yes' in smb.conf.
>
> [root at server-1 sbin]# ./smbldap-usermod -G +512 yaya
> User "yaya" already member of the group "512".
>
> ..but....
> [root at server-1 sbin]# ldapsearch -x -D 
> cn=Manager,dc=sma,dc=al-izhar-jkt,dc=sch,dc=id -W uid=yaya
> ...cutted....
> gidNumber: 513
> sambaPrimaryGroupSID: S-1-5-21-2567078096-2875653774-645762936-513
> ...cutted....
>
> Should I set the 'gidNumber: 512 and the 'sambaPrimaryGroupSID: 
> S-1-5-21-2567078096-2875653774-645762936-512' too?
>
> [root at server-1 sbin]# net rpc rights list accounts
> Password:
> ..cutted..
> SMA\Domain Admins
> SeMachineAccountPrivilege
> SeRemoteShutdownPrivilege
> SePrintOperatorPrivilege
> SeAddUsersPrivilege
> SeDiskOperatorPrivilege
> ..cutted..
>
> TiA,
> yaya 