[Samba] domain admin group does not have root privileges on windows 2000 or xp machines

Tue, 28 Sep 2004 15:52:59 -0700 

I recently upgraded to samba 3 (running on FreeBSD 4.10).  I quickly discovered the 
lack of the
domain admins setting from samba 2, and found documentation directing me to use net 
groupmap.  So
I've got the domain admins group set to include @wheel:

olympus# net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Users (S-1-5-21-1328167348-507421394-93929189-513) -> domuser
Power Users (S-1-5-32-547) -> -1
Domain Guests (S-1-5-21-1328167348-507421394-93929189-514) -> domguest
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> wheel
Account Operators (S-1-5-32-548) -> -1
Domain Admins (S-1-5-21-1328167348-507421394-93929189-512) -> wheel
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

All the windows boxes in my domain still have their default administrative shares
(//super1337/c$), and all of them have the domain admin group set to belong to the 
admin group
(all this is the default).  However, when I attempt to connect via smblcient:

oh, never mind.  it works now.

but wait... alright, one of the three users in the wheel works.  the other two still 
get:

olympus# smbclient -U danh //gandolf/c$ 
Password: 
Domain=[EBCRP] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
tree connect failed: NT_STATUS_ACCESS_DENIED

this is what I was getting for the one user all day until I went to get the example 
for this
message.  now it is working and the other two still aren't.  what the bloody hell is 
going on
here?  

oh, you know what?  if the group is wheel, it doesn't work, but if I put the same 
users in another
group, then it works.  except for one machine which is being retarded and we don't 
know why.

the moral of the story?

wheel  + domain admin group in samba don't seem to get along. 

if anyone can explain this behavior, please feel free, otherwise this post turned from 
a question
into an answer.  kind of.



                
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Reply via email to