RE [Samba] root != admin domain user?

stephane.purnelle at corman.be stephane.purnelle at corman.be
Tue Oct 23 10:19:04 GMT 2007 

See on the samba howto collection the chapter 15 "User rights and 
Privileges" .
You will find the answer.


-----------------------------------
Stéphane PURNELLE                         stephane.purnelle at corman.be
Service Informatique       Corman S.A.           Tel : 00 32 087/342467

samba-bounces+stephane.purnelle=corman.be at lists.samba.org a écrit sur 
23/10/2007 11:36:01 :

> Hi all,
> 
> Samba has been running as PDC for some months in a row w/o no issues so 
> far.
> Users and machines were created and added to the domain correctly...
> 
> Now I'm facing the following problem... I hope it's easy to solve...
> Although machines have been added to the domain using the root user, and 

> it's mapped to Administrator in /etc/samba/smbusers, when a situation 
> like connecting to a remote Windows workstation or unlocking a locked 
> session using that user comes, the workstation shows a message telling 
> that I (or the SysAdmin using the root or Administartor account) have no 

> privileges to do that...
> 
> This is my smb.conf:
> 
> ---
> [global]
>        netbios name = v601
>        server string = Volania Six Dominatrix
>        workgroup = VOLANIASIX.COM
> 
>        ; domain & local master browser
>        ; coz we're dealing with Win2k
>        os level = 65
>        prefered master = yes
>        domain master = yes
>        local master = yes
>        domain logons = yes
>        wins support = yes
> 
>        ; misc options
>        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 
> SO_RCVBUF=8192
>        time server = yes
> 
>        ; do not show files starting with dots
>        hide dot files = yes
> 
>        ; do not allow guest access, use only local system accounts
>        security = user
>        guest ok = no
>        invalid users = bin deamon sys man postfix mail ftp
>        admin users = @wheel
> 
>        ; use encrypted passwords
>        encrypt passwords = yes
> 
>        ; logging (max log size is in kB)
>        log level = 2
>        log file = /var/log/samba/log.%L
>        max log size = 1000
>        debug timestamp = yes
>        syslog = 1
> 
>        ; user roaming profiles path
>        logon path = \\%N\profiles\%U
> 
>        logon drive = H:
> 
>        ; general logon script (in DOS format)
>        logon script = %u.bat
> 
> # These scripts are used on a domain controller or stand-alone
> # machine to add or delete corresponding unix accounts
>        add user script = /usr/sbin/useradd %u
>        add group script = /usr/sbin/groupadd %g
>        add machine script = /usr/sbin/adduser -n -g users -c 
> V6-Windows-Machine -d /dev/null -s /bin/false %u
>        delete user script = /usr/sbin/userdel %u
>        delete user from group script = /usr/sbin/deluser %u %g
>        delete group script = /usr/sbin/groupdel %g
>        username map = /etc/samba/smbusers
> 
> 
> ; share for domain controller
> [netlogon]
>        path = /usr/lib/samba/netlogon
>        public = no
>        writeable = no
>        browsable = no
>        valid users = root @smbusers
> 
> ; share for storing user profiles
> [profiles]
>        comment = Network Profiles Share
> 
>        path = /usr/lib/samba/profiles
>        writeable = yes
>        store dos attributes = yes
>        create mask = 0700
>        directory mask = 0700
>        browsable = no
>        guest ok = no
>        printable = no
> 
>        hide files = /desktop.ini/outlook*.lnk/*Briefcase*/
>        valid users = root @smbusers
> 
> [homes]
>        valid users = %S
>        read only = No
>        browseable = No
> 
> ---
> 
> # grep wheel /etc/group
> wheel:x:10:root
> 
> 
> 
> Any suggestions?? Maybe I've overseen something obvious when Samba was 
> set up as PDC...
> 
> 
> TIA,
> Martin
> 
> 
> -- 
> Martin Mielke - martin.mielke at casino.com
> Sr. SysAdmin at Casino.com
> p: +34 956785288 | f: +34 956794081 | m: +34 677509693
> w: http://www.casino.com/
> 
> The contents of this email and any attachments are for the intended 
> recipient(s) only. This email may contain proprietary, confidential,
> or otherwise private information belonging to Casino.com (hereafter 
> referred to as "The Company") or its affiliates. The Company does 
> not take any responsibility for, or endorse any information which 
> does not relate to its official business, including personal mail 
> and/or opinions by senders whether or not they are employed by The 
> Company. If you receive a message that was not intended for you, 
> please notify the sender immediately (or forward the email to 
> privacy at casino.com). Do not read, use or disclose the contents in 
> any way and delete the message immediately.
> 
> The Company will take reasonable precautions but cannot ensure that 
> this e-mail and any attachments will be free of errors, viruses, 
> interception or interference. Therefore The Company can not be held 
> liable for any loss or damages incurred by you which have been 
> caused by any of the foregoing. No undertaking, guarantee or other 
> obligation contained in this email or any attachments will bind The 
> Company unless it is later confirmed in writing.
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list