[Samba] No Admin-Rights in SMB-PDC-Domain

Daniel Spannbauer ds at marco.de
Mon Sep 21 00:07:54 MDT 2009 

Hello,

I've build a domain with Samba 3.0.23 and sucessfully joined this domain 
with a Windows-XP-Machine. I can log in to that machine as User "Root", 
wich is in the Group "Domain Admins" (rid=512). But I have no 
admin-rights on that machine.
Also, normal User can not log in over the Remotesession (RDP).

Can anybody help me to figure out why?

Here is my smb.conf:



[global]
         server string = b-login
         workgroup = marco
         ; speed optimierungen
         socket options = TCP_NODELAY
         share modes = no
         debug level = 10
         debug uid = yes
         getwd cache = yes
;       read size = 65536
         preserve case = yes
         log level = 10

         printer admin = ds
         domain logons = yes
         domain master = yes
         local master = Yes
         preferred master = Yes
         ldap admin dn = cn=Administrator,dc=marco,dc=de
         ldap delete dn = No
         ldap group suffix = ou=group
         ldap ssl = off
         ldap suffix = dc=marco,dc=de
         ldap user suffix = ou=people
         ldap machine suffix = ou=Computers
         ldap idmap suffix = ou=idmap
;       ldap passwd sync = yes
         logon path = \\%L\%U\.ntprofile
         logon home = \\%L\%U\.ntprofile
         logon drive = H:
         passdb backend = ldapsam:"ldap://10.3.1.3"
         security = user
         add machine script = /usr/sbin/useradd  -c Machine -d 
/var/lib/nobody -s /bin/false %m$
         printing = cups
         printcap name = cups
         printcap cache time = 750
         cups options =
         smb ports = 139
         local master = no
         kernel oplocks = No

         ; ----- same as "umask 2"
         create mask = 0775
         ; ----- disconnect after N minutes inactive
         dead time = 300
         ; ----- check whether clients are alive [seconds]
         keep alive = 300
         ; ----- may delete readonly files
         delete readonly = yes
         ; ----- logfiles grow up to N kByte
;       max log size = 100
         ; ----- don't map archive bit to execute bit
         map archive = no
         ; ----- "umask 2" setting for files and directories
         create mask = 0775
         directory mask = 0775
         ; ----- WINS support
         ; note: on SuSE 8samba is patched so that
         ;   if (wins server == localhost)
         ;       wins support = yes
         ;       preferred master = yes
         ;       os level >= 32
         ;

         wins server = gate

         name resolve order = wins host bcast

         security = user

         netbios aliases = homedirs


Regards

Daniel

-- 
Daniel Spannbauer                         Software Entwicklung
marco Systemanalyse und Entwicklung GmbH  Tel   +49 8333 9233-27 Fax -11
Rechbergstr. 4 - 6, D 87727 Babenhausen   Mobil +49 171 4033220
http://www.marco.de/                      Email ds at marco.de
Geschäftsführer Martin Reuter             HRB 171775 Amtsgericht München

More information about the samba mailing list