[Samba] samba group rights problem (Domain Admins not working)
Jeroen Vriesman
linuxificator at gmail.com
Thu Jul 24 09:24:31 GMT 2008
Hi,
my root is a member of the Domain Admins:
root at hermes:/etc/ldap# id root
uid=0(root) gid=0(root) groups=0(root),513(Domain
Users),1013(Apps),1016(Application RelaX),1017(Terminal Server
Users),1112(Applications),1120(Application Aura),512(Domain Admins)
root at hermes:/etc/ldap# net rpc user info root
Password:
Domain Users
Domain Admins
Apps
Application RelaX
Terminal Server Users
Applications
Application Aura
root at hermes:/etc/ldap# net rpc rights list root
Password:
<no output>
but still doesn't get the rights from the domain admins groups:
net groupmap list:
.....
Domain Admins (S-1-5-21-2651798370-710026074-3531216960-512) -> Domain
Admins
.....
I will try ldap debug later today.
On Thu, Jul 24, 2008 at 11:14 AM, Thuan Tran <thuanbkit at gmail.com> wrote:
> Thanks Stefan, this fix my problem which was described here
> http://article.gmane.org/gmane.network.samba.general/99631 and here
> http://article.gmane.org/gmane.network.samba.general/99649 too.
>
> On Thu, Jul 24, 2008 at 1:27 PM, Stefan Dengscherz <
> stefan.dengscherz at gmail.com> wrote:
>
> > Hello Jeroen,
> >
> >
> > I just had the same problem you described. The cause of it was, that
> > the LDAP configuration on my new os (Ubuntu 8.04) included an option
> > to ignore the root user from LDAP:
> >
> > nss_initgroups_ignoreusers
> >
> >
> backup,bin,daemon,dhcp,games,gnats,irc,klog,libuuid,list,lp,mail,man,mysql,news,openldap,proxy,sshd,statd,sync,sys,syslog,uucp,www-data
> >
> > in /etc/ldap.conf. I can't remember if it was the stock config file or
> > if I added it following some howto. However the root user on the
> > server side was not a member of the 'Domain Admins' group because the
> > data came from /etc/passwd. I removed root from the ignore list and it
> > worked.
> >
> > Just check on your PDC, if the root user is really a member of the
> > 'Domain Admins' group with 'id root' - if not - there's your problem.
> >
> >
> > Kind regards,
> >
> > -sd
> >
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list