[Samba] Administrative users on domain
dbrooks at mdah.state.ms.us
Fri Jul 12 13:34:53 MDT 2013
Back in January we upgraded/moved our domain from an old install of samba and openldap to a newer version (samba 3.5.10 and openldap 2.4.23) while also moving our domain to a new name. On the old domain, which was setup before I got here, our IT section was in an ldap group that allowed us to join PC's to the domain and when the prompt came up in windows to install software we could log in as ourselves. However that is not the case on the new domain and I cannot figure out how to set that back up. I have looked at the docs on samba rights (http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html) but it seems I am missing something since when I type:
net rpc rights grant 'MDAH\Domain Admins' SeMachineAccountPrivilege -S enterprise -U superusername
Failed to grant privileges for MDAH\Domain Admins (NT_STATUS_NO_SUCH_USER)
superusername is our "superuser" account that we have to currently type in to join machines to join the domain. However when installing software we have to log in as local administrator or do a MACHINENAME\Administrator and it's password to install software.
More information about the samba