[Samba] domain user + local admin group

Craig White craigwhite at azapple.com
Thu Feb 9 06:38:20 GMT 2006 

On Thu, 2006-02-09 at 17:27 +1100, Greg Andrews wrote:
> Howdy All,
> 
> My samba server has decided to throw a hissy fit and its quite distressing
> ( not hair tearing out yet but will be soon ). Samba Version 3.02
> 
> To give domain users admin rights to their local machine I have in the
> past simply made domain users part of the local admin group. Perhaps not
> the most elegant solution , but it works.
> 
> I today installed two more machines ( XP sp2 )onto the network and the
> machines joined the domain without any grief, and when you look at users
> and groups on the local machines the admin group has domain admins and the
> users group has domain users ( this done automatically by samba ) however
> if I try to add the domain users group to the local administrators group ,
> which I have done on the other 60 machines on the network, the machine
> simply hangs and says it cant do it.
> Looking at "top" on the server  there is an smbd process which is spawned
> ( and doesn't stop ) which is utilising 99.9% of the server cpu . This is
> a bad thing :(
> 
> I have read the how-to and have gone back over previous emails on the
> subject and am none the wiser.
> 
> I should add that I am far from an expert, and am trying to establish what
> has changed on the system which would cause this behaviour. So far the
> only thing I can see that I have done is to change the root password at
> the linux level ( I then changed the samba root password in desperation to
> the same thing with  /etc/samba/smbpasswd root and entered the same
> password.
> 
> Unfortunately no joy.
> 
> using redhat9 and samba 3.02
> I am reluctant to experiment much as this is a "live" system .
> Any and all help or ideas are appreciated
----
doesn't strike me as having anything whatsoever to do with
passwords...sounds more like a problem with group mapping...

why don't you try posting up - or checking out for yourself...

# net groupmap list

# samba getlocalsid

and see if the SID portion prior to RID's are all in alignment...sounds
like something changed or the "Domain Users" SID isn't correct.

Craig

More information about the samba mailing list