[Samba] Few questions on configuring Samba as a PDC

Jesse Stone jstone1999 at gmail.com
Fri Sep 26 19:34:31 GMT 2008 

Hi David,

I'm not sure about your response but I research it shortly.

In regards to John's response, I did change it slightly (I am trying to not
use room)
net groupmap add ntgroup="Domain Admins" unixgroup=domainadmins
net groupmap add ntgroup="Domain Users" unixgroup=domainusers
net groupmap add ntgroup="Domain Guests" unixgroup=nogroup
I have then added two people into the domainadmins group (which I created)
and 1 person into the domainusers group.  The users on the domainadmins
group can connect to the domain (if I use the root user to add them which I
want to change) but they cannot save their profiles.

I belive this is due to the permissions on the folders:
rwxrwxr-x 2 root domainusers 4096 2008-09-25 12:43 netlogon
drwxrwxr-x 3 root domainusers 4096 2008-09-26 01:40 profiles

I could see how it would work if I kept things as they are as domain admins
would be in the root group and would have access to the folder but since I
am tryig to not use the root group I am at a loss how to set the permissions
on these folders.

I haven't been able to try the user that is in the domainusers group as that
use runs Kubuntu and I'm not sure how to add a Linux machine onto the
domain.

Thanks for both your responses!  Again, the main goal is to setup a PDC with
roaming profiles without the use of the root account or root group.

-Jesse



On Fri, Sep 26, 2008 at 11:18 AM, David Markey <admin at dmarkey.com> wrote:

> net rpc rights grant <username> SeMachineAccountPrivilege
>
>   On Fri, Sep 26, 2008 at 7:11 PM, John Drescher <drescherjm at gmail.com>wrote:
>
>>   On Fri, Sep 26, 2008 at 1:59 PM, Jesse Stone <jstone1999 at gmail.com>
>> wrote:
>> > Please don't flame me.  I did attempt to search before posting this
>> question
>> > (through Gmail), if there's a better way, please let me know!
>> >
>> > I followed this article for implementing a Samba PDC:
>> > http://www.howtoforge.com/samba_setup_ubuntu_5.10_p4
>> >
>> > Question 1)  The only accout that appears to be able to add an account
>> onto
>> > the domain is the root account.  There must be a way to change that to a
>> > standard account.  I'm using Ubuntu and do not use the root account for
>> > anything.
>> >
>> > I've tried changing "root = Administrator" in /etc/samba/smbusers to
>> > "otheruser = Administrator" but that doesn't seem to do it.
>> >
>>
>> Did you do this:
>> net groupmap modify ntgroup="Domain Admins" unixgroup=root
>> net groupmap modify ntgroup="Domain Users" unixgroup=users
>> net groupmap modify ntgroup="Domain Guests" unixgroup=nogroup
>>
>> And assign users to the Domain Admins group?
>>
>> John
>>  --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/listinfo/samba
>>
>
>

More information about the samba mailing list