[Samba] Samba PDC...need help granting domain admin access
Scott Mecham
icedutah at comcast.net
Wed Oct 4 17:44:01 GMT 2006
#net groupmap list
Domain Users (S-1-5-21-1294588444-3772336984-2656111346-513) -> users
Domain Guests (S-1-5-21-1294588444-3772336984-2656111346-514) -> nobody
Domain Admins (S-1-5-21-1294588444-3772336984-2656111346-512) -> admin
#Global parameters
[global]
netbios name = NAME
workgroup = thedomainname
security = user
encrypt passwords = Yes
server string = SambaDC
interfaces = eth0
socket address = 10.5.73.101
bind interfaces only = Yes
passdb backend = tdbsam
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *password* %nn *password* %nn *successfully*
username map = /etc/samba/smbusers
#unix password sync = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
log level = 3
syslog = 0
log file = /var/log/samba/%m
max log size = 50
#smb ports = 139
admin users = @admin
enable privileges = yes
name resolve order = wins hosts bcasts
time server = Yes
#printcap name = CUPS
#load printers = Yes
#printer admin = @admin
#show add printer wizard = Yes
#################################################
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
shutdown script = /var/lib/samba/scripts/shutdown.sh
abort shutdown script = /sbin/shutdown -c
###############################################
logon script = startup.bat
logon drive = U:
logon path=
logon home=
##############################################
domain logons = yes
local master = yes
os level = 64
preferred master = yes
domain master = yes
wins support = yes
dns proxy = no
name resolve order = wins lmhosts host bcast
utmp = Yes
map acl inherit = Yes
#printing = cups
veto oplock files = /*.doc/*.xls/*.mdb/*.sxw/*.sdw/*.sdc/*.stw/
[IPC$]
hosts allow = 0.0.0.0/0
path = /tmp
[netlogon]
path = /var/lib/samba/netlogon
read only = no
browseable = No
[homes]
comment = Home Directories
hide dot files = Yes
read only = No
browseable = No
Felipe Augusto van de Wiel wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 10/03/2006 06:37 PM, Scott Mecham escreveu:
>
>> I have the latest version of Samba on Fedora Core 4. I need help adding
>> users to the admin group so windows is not so crippled :-\
>> I have used the net groupmap add command to map them to unix group of
>> admin....which is mapped to "Domain Admins" for windows. The users are
>> members of the unix admin group but they have no admin access when
>> logging into the domain.
>>
>
> Please, could you send the result of 'net groupmap list'?
>
>
>
>> I also tried editing the smb.conf. I added
>> admin users = @admin Still didn't work after re-logging on.
>>
>
> And could you send your smb.conf with some log?
>
>
>
>> Any help here with this?
>>
>
> Let's try, but we need some more information.
>
> Kind regards,
>
> - --
> Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
> http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
> Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
>
> iD8DBQFFI69WCj65ZxU4gPQRAgXXAJ9Wdj2cA7sS+jYGAA+6AQhE5NIpAwCfY+Cv
> yNKHdSX4xZ5OCBwrY0Lsjus=
> =xZHB
> -----END PGP SIGNATURE-----
>
More information about the samba
mailing list