RE [Samba] root != admin domain user?
stephane.purnelle at corman.be
stephane.purnelle at corman.be
Tue Oct 23 10:19:04 GMT 2007
See on the samba howto collection the chapter 15 "User rights and
Privileges" .
You will find the answer.
-----------------------------------
Stéphane PURNELLE stephane.purnelle at corman.be
Service Informatique Corman S.A. Tel : 00 32 087/342467
samba-bounces+stephane.purnelle=corman.be at lists.samba.org a écrit sur
23/10/2007 11:36:01 :
> Hi all,
>
> Samba has been running as PDC for some months in a row w/o no issues so
> far.
> Users and machines were created and added to the domain correctly...
>
> Now I'm facing the following problem... I hope it's easy to solve...
> Although machines have been added to the domain using the root user, and
> it's mapped to Administrator in /etc/samba/smbusers, when a situation
> like connecting to a remote Windows workstation or unlocking a locked
> session using that user comes, the workstation shows a message telling
> that I (or the SysAdmin using the root or Administartor account) have no
> privileges to do that...
>
> This is my smb.conf:
>
> ---
> [global]
> netbios name = v601
> server string = Volania Six Dominatrix
> workgroup = VOLANIASIX.COM
>
> ; domain & local master browser
> ; coz we're dealing with Win2k
> os level = 65
> prefered master = yes
> domain master = yes
> local master = yes
> domain logons = yes
> wins support = yes
>
> ; misc options
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
> SO_RCVBUF=8192
> time server = yes
>
> ; do not show files starting with dots
> hide dot files = yes
>
> ; do not allow guest access, use only local system accounts
> security = user
> guest ok = no
> invalid users = bin deamon sys man postfix mail ftp
> admin users = @wheel
>
> ; use encrypted passwords
> encrypt passwords = yes
>
> ; logging (max log size is in kB)
> log level = 2
> log file = /var/log/samba/log.%L
> max log size = 1000
> debug timestamp = yes
> syslog = 1
>
> ; user roaming profiles path
> logon path = \\%N\profiles\%U
>
> logon drive = H:
>
> ; general logon script (in DOS format)
> logon script = %u.bat
>
> # These scripts are used on a domain controller or stand-alone
> # machine to add or delete corresponding unix accounts
> add user script = /usr/sbin/useradd %u
> add group script = /usr/sbin/groupadd %g
> add machine script = /usr/sbin/adduser -n -g users -c
> V6-Windows-Machine -d /dev/null -s /bin/false %u
> delete user script = /usr/sbin/userdel %u
> delete user from group script = /usr/sbin/deluser %u %g
> delete group script = /usr/sbin/groupdel %g
> username map = /etc/samba/smbusers
>
>
> ; share for domain controller
> [netlogon]
> path = /usr/lib/samba/netlogon
> public = no
> writeable = no
> browsable = no
> valid users = root @smbusers
>
> ; share for storing user profiles
> [profiles]
> comment = Network Profiles Share
>
> path = /usr/lib/samba/profiles
> writeable = yes
> store dos attributes = yes
> create mask = 0700
> directory mask = 0700
> browsable = no
> guest ok = no
> printable = no
>
> hide files = /desktop.ini/outlook*.lnk/*Briefcase*/
> valid users = root @smbusers
>
> [homes]
> valid users = %S
> read only = No
> browseable = No
>
> ---
>
> # grep wheel /etc/group
> wheel:x:10:root
>
>
>
> Any suggestions?? Maybe I've overseen something obvious when Samba was
> set up as PDC...
>
>
> TIA,
> Martin
>
>
> --
> Martin Mielke - martin.mielke at casino.com
> Sr. SysAdmin at Casino.com
> p: +34 956785288 | f: +34 956794081 | m: +34 677509693
> w: http://www.casino.com/
>
> The contents of this email and any attachments are for the intended
> recipient(s) only. This email may contain proprietary, confidential,
> or otherwise private information belonging to Casino.com (hereafter
> referred to as "The Company") or its affiliates. The Company does
> not take any responsibility for, or endorse any information which
> does not relate to its official business, including personal mail
> and/or opinions by senders whether or not they are employed by The
> Company. If you receive a message that was not intended for you,
> please notify the sender immediately (or forward the email to
> privacy at casino.com). Do not read, use or disclose the contents in
> any way and delete the message immediately.
>
> The Company will take reasonable precautions but cannot ensure that
> this e-mail and any attachments will be free of errors, viruses,
> interception or interference. Therefore The Company can not be held
> liable for any loss or damages incurred by you which have been
> caused by any of the foregoing. No undertaking, guarantee or other
> obligation contained in this email or any attachments will bind The
> Company unless it is later confirmed in writing.
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list