[Samba] Users privilege in a NT-DOMAIN with samba as PDC

nik600 hotmail nik600 at gmail.com
Sat Sep 24 07:30:43 GMT 2005


i am experiencing some problem with the configuring of samba as a PDC in a
NT-network, ive configured samba as PDC, created users, set there password
with smbpasswd and mapped unixgroup to nt group as follows:

System Operators (S-1-5-32-549) -> -1
Domain Users (S-1-5-21-3614578222-3141096634-3044101766-513) -> root
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> users
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Admins (S-1-5-21-3614578222-3141096634-3044101766-512) -> users
Domain Guests (S-1-5-21-3614578222-3141096634-3044101766-514) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

on the windows client i've set in the local group "Power Users" the domain
group "Domain Users"

the problem is that the user can log-in but they are extremely limited, they
can't set their home page, or set preferences in I.E., or preferences
regarding files (show hidden files...)

the only solution i've guessed at the moment is to add "Domain Users" samba
group to "Administrators" local group...it works! but it let the user to
login as a local administrator! and i dont' want it! ;-)

can you suggest me some controls to do?

the server runs samba 3.0.10 on a slackware 10.1 kernel 2.6.12

thanks in advance


More information about the samba mailing list