On Thursday 27 January 2005 16:00, Dana Forte wrote:
> Looks like there are 2 "Domain Admin" ntgroups, each with a different SID.
> Delete the one that doesn't match the domain portion of the output of 'net
> getlocalsid', then make sure the one that is left is mapped to the correct
> unixgroup.

Alternately, stop samba then delete the group_mapping.tdb file, restart samba
and then remap your groups.

Example:
    net groupmap modify ntgroup="Domain Admins" unixgroup=flyingpigs

Cheers,
John T.

>
> "Morgan Toal" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>
> > Hi there,
> >
> > I switched servers yesterday.
> > The old server was running 2.2.7a-1 on RedHat 8.0.
> > The new server is 3.0.8-0.pre1.3 on Fedora Core 3.
> >
> > I did the migration by copying the following:
> > /etc/passwd
> > /etc/group
> > /etc/shadow
> > /etc/samba/*
> >
> > I then copied /home and fixed all the permissions on stuff.
> >
> > I then started up samba on the new server, and unplugged the old one.
> >
> > Most everything went smoothly, everyone could log in, we did not have to
> > re-join client computers to the domain.
> >
> > However, I am not understanding why my domain administrator accounts are
> > now not getting local administrator privileges when logged in. This
> > always worked fine on Samba 2.2.7a-1!
> >
> > I now cannot, when logged in on a W2K workstation as a domain user called
> > "nsu", which is a member of "domain admins", modify files in C:\WINNT, or
> > modify the local registry, etc.
> >
> > On a W2K workstation, in the Local Users and Groups applet I can see
> > that the local "Administrators" does in fact contain "PD/Domain Admins"
> > and it gives a partial listing of the group's SID.
> >
> > I cannot confirm if this is the same SID as my SID in samba for "Domain
> > Admins". It should be the same, right? Can anyone suggest a tool I could
> > use to confirm this?
> >
> > I *really* don't want to have to add a domain group of people who should
> > be local administrator to the local administrators group on each
> > workstation, as we have quite a number of workstations, so I have not
> > tried this yet...
> >
> > Can someone else suggest something for me to check or try? Thanks!
> >
> > mtoal
> >
> > -----------------------------------------------------------------------------------------
> >
> > [EMAIL PROTECTED] ~]# net groupmap list
> > System Operators (S-1-5-32-549) -> -1
> > Domain Users (S-1-5-21-2634632689-992284068-1313363551-513) -> -1
> > Domain Admins (S-1-5-21-2634632689-992284068-1313363551-512) -> domainadmin
> > Replicators (S-1-5-32-552) -> -1
> > Guests (S-1-5-32-546) -> -1
> > Domain Guests (S-1-5-21-2634632689-992284068-1313363551-514) -> -1
> > Domain Users (S-1-5-21-3505514775-834951346-1128776050-513) -> -1
> > Domain Admins (S-1-5-21-3505514775-834951346-1128776050-512) -> -1
> > Domain Guests (S-1-5-21-3505514775-834951346-1128776050-514) -> -1
> > Power Users (S-1-5-32-547) -> -1
> > Print Operators (S-1-5-32-550) -> domainadmin
> > Administrators (S-1-5-32-544) -> domainadmin
> > cid (S-1-5-21-2634632689-992284068-1313363551-2045) -> cid
> > Account Operators (S-1-5-32-548) -> -1
> > seint (S-1-5-21-2634632689-992284068-1313363551-2157) -> seint
> > Backup Operators (S-1-5-32-551) -> -1
> > Users (S-1-5-32-545) -> -1
> >
> > -----------------------------------------------------------------------------------------
> >
> > [EMAIL PROTECTED] ~]# cat /etc/samba/smb.conf
> >
> > log level = 4
> >
> > netbios name = pd1
> > workgroup = pd
> >
> > os level = 200
> > preferred master = no
> > domain master = yes
> > local master = no
> >
> > wins support = no
> > wins server = 192.168.18.14
> > name resolve order = wins lmhosts
> > enhanced browsing = no
> >
> > security = user
> > encrypt passwords = yes
> >
> > domain logons = yes
> > logon path =
> > logon drive = Z:
> > logon home = \\%L\%u
> > logon script = logon.bat
> >
> > add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
> >
> > use client driver = yes
> >
> > host msdfs = yes
> >
> > guest account = guest
> > map to guest = bad user
> >
> > username map = /etc/samba/smbusers
> > admin users = @domainadmin
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/listinfo/samba

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
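
A check for the situation discussed in this thread, as an added example that is not part of the original messages: it parses `net groupmap list` output, reports group names that appear under more than one SID, and splits domain entries by whether their domain portion matches a given `net getlocalsid` value. The sample is a constructed subset of the listing quoted above, and the SID treated as local is an assumption, since the thread does not say which one the server reports.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the `net groupmap list` output quoted in the thread.
SAMPLE = """\
Domain Users (S-1-5-21-2634632689-992284068-1313363551-513) -> -1
Domain Admins (S-1-5-21-2634632689-992284068-1313363551-512) -> domainadmin
Domain Admins (S-1-5-21-3505514775-834951346-1128776050-512) -> -1
Administrators (S-1-5-32-544) -> domainadmin
cid (S-1-5-21-2634632689-992284068-1313363551-2045) -> cid
"""

# Assumed for illustration only: in practice, take this from `net getlocalsid`.
ASSUMED_LOCAL_SID = "S-1-5-21-2634632689-992284068-1313363551"

LINE_RE = re.compile(r"^(?P<name>.+?) \((?P<sid>S-1-[\d-]+)\) -> (?P<unix>.+)$")


def parse_groupmap(text):
    """Return (ntgroup, sid, unixgroup) tuples from `net groupmap list` output."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [(m["name"], m["sid"], m["unix"]) for m in matches if m]


def audit(text, local_sid):
    """Classify entries against local_sid (the domain portion, without a RID)."""
    report = {"foreign": [], "unmapped": [], "duplicate_names": []}
    sids_by_name = defaultdict(set)
    for name, sid, unix in parse_groupmap(text):
        sids_by_name[name].add(sid)
        if not sid.startswith("S-1-5-21-"):
            continue  # builtin groups (S-1-5-32-*) carry no domain portion
        domain, _rid = sid.rsplit("-", 1)
        if domain != local_sid:
            report["foreign"].append((name, sid))   # candidate for deletion
        elif unix == "-1":
            report["unmapped"].append((name, sid))  # local group, no unixgroup
    report["duplicate_names"] = sorted(
        n for n, sids in sids_by_name.items() if len(sids) > 1)
    return report


if __name__ == "__main__":
    for kind, items in audit(SAMPLE, ASSUMED_LOCAL_SID).items():
        print(kind, items)
```
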
