[Samba] User lost domain admin privileges

Loren M. Lang lorenl at alzatex.com
Mon Mar 26 05:52:08 MDT 2012


Expounding on the problem further, it appears that no users logging into 
the domain are gaining access to any group memberships they have. In 
particular, no users seem to have privileges in the Domain Admins group 
and the Accounting group provided by the domain controller. User logons 
appear to be operating normally and basic print and file services are 
operating, but users are lacking any permissions granted by these 
additional groups. Is there a command to query a list of groups that the 
current user/session is a part of? If I run net group /domain 
"Accounting", I see all the correct users listed in that group, but the 
user doesn't seem to actually have those permissions. Further details 
are below:

On 3/23/2012 3:15 PM, Loren M. Lang wrote:
> Recently, something broke in Samba: my user, lorenl, is no longer an 
> Administrator on any local workstations. I am the only administrator 
> for this network, and there's nothing I've done related to any Samba 
> configuration changes recently. On all workstations, I've checked that 
> DOMAIN\Domain Admins is listed in the Administrators group. I ran this 
> command from the Command Prompt and see lorenl listed:
>
> net group /domain "Domain Admins"
>
> But somehow when I log onto any workstation, I do not gain admin 
> privileges. Is there some way to ask Windows which groups my logon 
> session includes?
>
> On the server, I have both a Primary Domain Controller running Samba 
> 3.2.3-1ubuntu3.8 and a Backup Domain Controller running Samba 
> 3.0.28a-1ubuntu4.17. Both have an LDAP server behind them running on 
> the same hardware. The BDC has an LDAP server which uses LDAP Sync 
> replication from the PDC's LDAP server. I have Domain Admins set up as 
> a Samba Group mapping to the UNIX group admins of which lorenl is also 
> a part. There have been no significant changes to this set-up that 
> I am aware of since 2009 so I have no idea what broke recently.
>


-- 
Loren M. Lang
lorenl at alzatex.com
http://www.alzatex.com/


Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
Fingerprint: 10A0 7AE2 DAF5 4780 888A  3FA4 DCEE BB39 7654 DE5B


