[Samba] root != admin domain user?
L.P.H. van Belle
belle at bazuin.nl
Tue Oct 23 11:40:37 GMT 2007
Well,
/snap
connecting to a remote Windows workstation or unlocking a locked
session using that user comes, the workstation shows a message telling
that I (or the SysAdmin using the root or Administrator account) have no
privileges to do that...
/snap
Sounds correct..
But didn't you forget to
1) put the "Domain Administrators" group to the remote desktop ( terminal
services )
2) change the local administrators password to the same password as the
Domain Administrator
3) enable Terminal services at all.
4) does the account have a password and is it a member of the LOCAL Terminal
Services group.
Check all 4 and you will fix it.
This is how I work.
1 the Domain user I work with = Domain Admin ( primary group )
2 Domain Admins are allowed to logon in terminal services.
3 just for backup, my loginname exists also as local user, AND has access to
terminal services.
This is in case the Domain Controller has a problem and you must have
access to a desktop.
Good Luck.
Louis
>-----Original message-----
>From: samba-bounces+belle=bazuin.nl at lists.samba.org
>[mailto:samba-bounces+belle=bazuin.nl at lists.samba.org] On behalf of
>Martin Mielke
>Sent: Tuesday 23 October 2007 11:36
>To: samba at lists.samba.org
>Subject: [Samba] root != admin domain user?
>
>Hi all,
>
>Samba has been running as PDC for some months in a row w/o any
>issues so far.
>Users and machines were created and added to the domain correctly...
>
>Now I'm facing the following problem... I hope it's easy to solve...
>Although machines have been added to the domain using the root user, and
>it's mapped to Administrator in /etc/samba/smbusers, when a situation
>like connecting to a remote Windows workstation or unlocking a locked
>session using that user comes, the workstation shows a message telling
>that I (or the SysAdmin using the root or Administrator account) have no
>privileges to do that...
>
>This is my smb.conf:
>
>---
>[global]
> netbios name = v601
> server string = Volania Six Dominatrix
> workgroup = VOLANIASIX.COM
>
> ; domain & local master browser
> ; coz we're dealing with Win2k
> os level = 65
> prefered master = yes
> domain master = yes
> local master = yes
> domain logons = yes
> wins support = yes
>
> ; misc options
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
> time server = yes
>
> ; do not show files starting with dots
> hide dot files = yes
>
> ; do not allow guest access, use only local system accounts
> security = user
> guest ok = no
> invalid users = bin deamon sys man postfix mail ftp
> admin users = @wheel
>
> ; use encrypted passwords
> encrypt passwords = yes
>
> ; logging (max log size is in kB)
> log level = 2
> log file = /var/log/samba/log.%L
> max log size = 1000
> debug timestamp = yes
> syslog = 1
>
> ; user roaming profiles path
> logon path = \\%N\profiles\%U
>
> logon drive = H:
>
> ; general logon script (in DOS format)
> logon script = %u.bat
>
># These scripts are used on a domain controller or stand-alone
># machine to add or delete corresponding unix accounts
> add user script = /usr/sbin/useradd %u
> add group script = /usr/sbin/groupadd %g
> add machine script = /usr/sbin/adduser -n -g users -c V6-Windows-Machine -d /dev/null -s /bin/false %u
> delete user script = /usr/sbin/userdel %u
> delete user from group script = /usr/sbin/deluser %u %g
> delete group script = /usr/sbin/groupdel %g
> username map = /etc/samba/smbusers
>
>
>; share for domain controller
>[netlogon]
> path = /usr/lib/samba/netlogon
> public = no
> writeable = no
> browsable = no
> valid users = root @smbusers
>
>; share for storing user profiles
>[profiles]
> comment = Network Profiles Share
>
> path = /usr/lib/samba/profiles
> writeable = yes
> store dos attributes = yes
> create mask = 0700
> directory mask = 0700
> browsable = no
> guest ok = no
> printable = no
>
> hide files = /desktop.ini/outlook*.lnk/*Briefcase*/
> valid users = root @smbusers
>
>[homes]
> valid users = %S
> read only = No
> browseable = No
>
>---
>
># grep wheel /etc/group
>wheel:x:10:root
>
>
>
>Any suggestions?? Maybe I've overseen something obvious when Samba was
>set up as PDC...
>
>
>TIA,
>Martin
>
>
>--
>Martin Mielke - martin.mielke at casino.com
>Sr. SysAdmin at Casino.com
>p: +34 956785288 | f: +34 956794081 | m: +34 677509693
>w: http://www.casino.com/
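An added example, not from either poster: a small audit of the identity settings in the smb.conf quoted above. It resolves the `@group` entries to show which Unix accounts each share accepts and which of those Samba treats as root through `admin users`. The `wheel` line is taken from the post; the members of `smbusers` are constructed for the demonstration.

```python
import configparser

# Identity-related lines of the quoted smb.conf (indentation dropped).
SMB_CONF = """
[global]
invalid users = bin deamon sys man postfix mail ftp
admin users = @wheel
[netlogon]
valid users = root @smbusers
[profiles]
valid users = root @smbusers
[homes]
valid users = %S
"""
# The wheel line is from the post; the smbusers members are constructed.
GROUP_FILE = "wheel:x:10:root\nsmbusers:x:500:alice,bob\n"


def load_groups(text):
    """Parse /etc/group-style lines into {group: [members]}."""
    groups = {}
    for line in text.splitlines():
        name, _pw, _gid, members = line.split(":")
        groups[name] = [m for m in members.split(",") if m]
    return groups


def expand(value, groups):
    """Expand a Samba user list; '@name' means members of Unix group 'name'."""
    users = set()
    for token in value.split():
        users.update(groups.get(token[1:], []) if token.startswith("@") else [token])
    return users


def audit(conf_text, group_text):
    """Return (admins, {share: {'valid': [...], 'as_root': [...]}})."""
    groups = load_groups(group_text)
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=(";", "#"),
                                   interpolation=None)
    cp.read_string(conf_text)
    admins = expand(cp["global"].get("admin users", ""), groups)
    denied = expand(cp["global"].get("invalid users", ""), groups)
    report = {}
    for share in (s for s in cp.sections() if s != "global"):
        valid = expand(cp[share].get("valid users", ""), groups) - denied
        # 'admin users' members perform all file operations on a share as root.
        report[share] = {"valid": sorted(valid), "as_root": sorted(valid & admins)}
    return admins, report


if __name__ == "__main__":
    print(audit(SMB_CONF, GROUP_FILE))
```

The `%S` entry under `[homes]` is a Samba macro for the service name and is reported unexpanded.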