[Samba] Domain Admin isn't admin any more
Martin Hochreiter
linuxbox at wavenet.at
Wed Nov 12 14:55:38 GMT 2008
Hi!
We are using a Samba 3.0.22 PDC and 2 Samba 3.0.28 BDCs with an ldapsam-based
backend.
For about a week now, the domain admin (admin) has had no admin rights on the
XP/2003 machines, and I have no idea why.
Can somebody please help me?
Some tests and configurations:
# id admin
uid=0(root) gid=0(root) Gruppen=0(root),998(ldapadmin)
# net groupmap list
Domain Admins (S-1-5-21-8915387-1074272342-1703228666-512) -> ldapadmin
Domain Users (S-1-5-21-8915387-1074272342-1703228666-513) -> ldapuser
# ldapsearch -x uid=admin
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: uid=admin
# requesting: ALL
#
# Admin, Users, xxxxxxx.ac.at
dn: uid=Admin,ou=Users,dc=xxxxxxxx,dc=ac.at
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
sambaPwdMustChange: 2147483647
sambaLogoffTime: 0
sambaLogonTime: 0
sambaKickoffTime: 0
description:
sambaDomainName: XX_XXX
uid: Admin
cn: Admin
displayName: Admin
sambaSID: S-1-5-21-1992494304-3358384209-1871445459-1000
uidNumber: 0
homeDirectory: /root
loginShell: /bin/false
shadowLastChange: 12529
sambaLogonScript: ver_nsc.cmd
gidNumber: 0
sambaPrimaryGroupSID: S-1-5-21-1992494304-3358384209-1871445459-512
sambaProfilePath: //XX.XX.XX.XX/profiles/Admin
sambaPwdCanChange: 1156912744
sambaPasswordHistory:
00000000000000000000000000000000000000000000000000000000
00000000
sambaPwdLastSet: 1156912744
sambaAcctFlags: [U ]
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
# cat /etc/samba/smb.conf
[global]
# NAME SETTINGS
netbios name = xxxxx
server string = xxxxx
workgroup = xxxxx
# SECURITY SETTINGS
os level = 255
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
security = user
encrypt passwords = yes
# min passwd length = 6
announce version = 7
announce as = NT
admin users = @"Domain Admins",admin,Admin
# PRINTER SETTINGS
printing = BSD
load printers = No
disable spoolss = Yes
show add printer wizard = No
# LDAP SETTINGS
ldap admin dn="uid=Admin,ou=Users,dc=xxxxxx,dc=ac.at"
# ldap ssl = start_tls
ldap ssl = no
passdb backend = ldapsam
ldap delete dn = no
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Clients
ldap suffix = dc=xxxxxxx,dc=ac.at
# ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
ldap passwd sync = yes
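
The output in the post shows two different domain SIDs: the group map entries sit under S-1-5-21-8915387-1074272342-1703228666, while the account's sambaSID and sambaPrimaryGroupSID sit under S-1-5-21-1992494304-3358384209-1871445459. The following is an added example, not part of the original post, that automates this comparison; the function names are hypothetical and the sample input is constructed from lines quoted above.

```python
import re

# Constructed sample input: lines copied from the command output in the post above.
GROUPMAP = """\
Domain Admins (S-1-5-21-8915387-1074272342-1703228666-512) -> ldapadmin
Domain Users (S-1-5-21-8915387-1074272342-1703228666-513) -> ldapuser
"""
LDIF = """\
dn: uid=Admin,ou=Users,dc=xxxxxxxx,dc=ac.at
sambaSID: S-1-5-21-1992494304-3358384209-1871445459-1000
sambaPrimaryGroupSID: S-1-5-21-1992494304-3358384209-1871445459-512
"""

GROUPMAP_RE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-1-[\d-]+)\) -> (?P<unix>.+)$")
LDIF_SID_RE = re.compile(r"^(?P<attr>sambaSID|sambaPrimaryGroupSID):\s*(?P<sid>S-1-[\d-]+)\s*$")


def split_sid(sid):
    """Split a domain-relative SID into (domain SID, RID)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)


def parse_groupmap(text):
    """Map each full group SID in `net groupmap list` output to (NT group, Unix group)."""
    out = {}
    for line in text.splitlines():
        m = GROUPMAP_RE.match(line.strip())
        if m:
            out[m["sid"]] = (m["nt"], m["unix"])
    return out


def check_account(groupmap_text, ldif_text):
    """Return findings for account SIDs whose domain part is absent from the group map."""
    mapped_domains = {split_sid(s)[0] for s in parse_groupmap(groupmap_text)}
    findings = []
    for line in ldif_text.splitlines():
        m = LDIF_SID_RE.match(line)
        if not m:
            continue
        domain, rid = split_sid(m["sid"])
        if domain not in mapped_domains:
            findings.append((m["attr"], domain, rid, sorted(mapped_domains)))
    return findings


if __name__ == "__main__":
    for attr, domain, rid, mapped in check_account(GROUPMAP, LDIF):
        print(f"{attr}: RID {rid} is under {domain}, group map uses {', '.join(mapped)}")
```

To run it against a live system, replace the two constants with the saved output of `net groupmap list` and `ldapsearch -x uid=admin`.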