[Samba] Local Administrator access
Gaiseric Vandal
gaiseric.vandal at gmail.com
Mon Nov 26 08:59:53 MST 2012
Have you tried logging into the PC using the samba domain administrator
account?
Assuming the PC was properly joined to the domain then you should be
able to configure the local accounts and groups.
You can create domain group that is then a member of the PC's local
administrator group. This will allow you do defined samba users who are
PC administrators but NOT domain administrators.
Whomever joins a PC to a domain needs to be both a local administrator
on that computer and (in most cases) have domain administrator
credentials. (If the machine account was created in advance then the
domain administrator credentials should not be needed.)
Are you sure the PC was joined to the domain?
On 11/26/12 10:51, Knut Olav Bøhmer wrote:
> 2012/11/26 Gaiseric Vandal <gaiseric.vandal at gmail.com
> <mailto:gaiseric.vandal at gmail.com>>
>
> With Windows7, the 1st account you create during the initial
> setup is typically a member of the local admin group. The actual
> "Administrator" account is normally disabled. Did this 1st
> account get deleted?
>
>
> I did not install the computer. How can I find out if there is such a
> user? But, I don't have the password anyway.
>
> When you joined the domain, the Domain Admin's groups should have
> been added to the local Admin group.
>
>
> Ok, so the trick is to get my user a member of the "Domain Admins" group.
>
> This can get messed up if your group mappings are not set up
> correctly.
>
> Also, I think when running the "net" command you may want to use
> "-U Administrator" to use the credentials of your domain
> Administrator account (assuming one has been defined.) In my
> setup the unix root does not have a samba account.
>
>
>
>
>
> On 11/26/12 10:03, Knut Olav Bøhmer wrote:
>
> Hi,
>
> I have a windows 7 machine withouth local administrator account.
> I need to create such an account. I can log in to the machine
> with a user
> on my samba domain.
>
> What do I need to do in order to get administrator access, or
> access to
> create an local administrator account?
>
> I have tried to do this:
>
> [root at float samba]# net rpc group addmem "Administrators"
> 'DOMAIN\username'
> Enter root's password:
> Could not add SKOLELINUX\knobo to Administrators:
> NT_STATUS_NO_SUCH_ALIAS
>
> I have tried to give some rights this way:
>
> net rpc rights grant 'DOMAIN\username' SeMachineAccountPrivilege
> SeAddUsersPrivilege SeDiskOperatorPrivilege SeSecurityPrivilege
> SeUndockPrivilege SeImpersonatePrivilege SeCreateGlobalPrivilege
> SePrintOperatorPrivilege SeCreateGlobalPrivilege
> SeEnableDelegationPrivilege SeUndockPrivilege
> SeTakeOwnershipPrivilege
>
> And it does what I tell it:
> [root at float samba]# net rpc rights list knobo
> Enter root's password:
> SeMachineAccountPrivilege
> SeTakeOwnershipPrivilege
> SeRemoteShutdownPrivilege
> SePrintOperatorPrivilege
> SeAddUsersPrivilege
> SeDiskOperatorPrivilege
> SeSecurityPrivilege
> SeSystemProfilePrivilege
> SeUndockPrivilege
> SeImpersonatePrivilege
> SeCreateGlobalPrivilege
> SeEnableDelegationPrivilege
>
>
> But I'm still promptet for username and password, when I try
> to access the
> user accounts in windows 7.
>
> Any suggestions?
>
>
> Regards
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
>
>
> --
> Knut Olav Bøhmer
> 41 000 108
>
More information about the samba
mailing list