[Samba] No admin privileges after upgrade from 3.5.8 to 3.6.0rc3

Hans-Peter Jansen hpj at urpla.net
Thu Aug 4 06:02:48 MDT 2011 

Hi,

since I was bitten badly by this today, I take the additional time to 
report this issue here. 

After upgrading from samba 3.5.8 to 3.6.0rc3, Administrator on the xp 
clients (yes, still xp sp3, no vista, no win7 clients here) lost its 
admin privileges.

My Samba PDC setup evolved over about a decade now, but since it still 
needs to support a small environment only (20 xp, 30 users), I kept 
the "security = user" approach, mainly because it allows different 
passwords for the linux and windows environment.

[global]
    security = user
    domain master = yes
    preferred master = yes
    local master = yes
    domain logons = yes
    wins support = yes
    admin users = root @ntadmin

My admin is called admin:

$ id admin
uid=1002(admin) gid=71(ntadmin) Gruppen=71(ntadmin),512(domadmin)

$ cat /etc/samba/smbusers
admin = administrator
nobody = guest pcguest smbguest

$ getent group
domadmin:*:512:admin
domuser:*:513:u1,u2,...
domguest:*:514:
ntadmin:*:71:

$ net groupmap list
Domänen Benutzer (S-1-5-21-884593593-3352586541-3369792858-513) -> 
domuser
Domänen Administratoren 
(S-1-5-21-884593593-3352586541-3369792858-512) -> domadmin
Domänen Gäste (S-1-5-21-884593593-3352586541-3369792858-514) -> domguest

$ net rpc user
u1
u2
admin
...

$ net rpc user info admin
Domänen Benutzer
Domänen Administratoren

Users and admin can "domain" login just fine, but with 3.6.0rc3, the 
admin lost his privileges, simply downgrading samba to 3.5.8 fixed 
this.

<openSUSE Build Service internals>
Here's my samba build:
https://build.opensuse.org/package/show?package=samba&project=home%3Afrispete%3Asamba%3ASTABLE

That's linked to project network:samba:STABLE. If somebody from this 
project there is reading here: Doesn't the term "STABLE" and the 
project description imply stable released packages? IMHO, a release 
candidate doesn't match this criteria, but others might disagree. 
</openSUSE Build Service internals>

Since this is a productive environment, I can perform tests during the 
weekend only (as long as my family permits..).

Pete

More information about the samba mailing list