Hi there,
Thanks to everyone for their suggestions.
Unfortunately, I must be missing something, I did delete the group_mappings.tdb and re-create my groups. This has not improved the situation unfortunately.
Where else might I look?
An aside question: how can I be sure, from the perspective of the Windows workstation, what exactly Windows sees my group memberships/priveleges? I don't know of a way to determine this, some little utility or applet?
Thanks,
mtoal
John H Terpstra wrote:
On Thursday 27 January 2005 16:00, Dana Forte wrote:
Looks like there are 2 "Domain Admin" ntgroups, each with a different SID. Delete the one that doesn't match the domain portion of the output of 'net getlocalsid', then make sure the one that is left is mapped to the correct unixgroup.
Alternately, stop samba then delete the group_mapping.tdb file, restart samba and then remap your groups. Example:
net groupmap modify ntgroup="Domain Admins" unixgroup=flyingpigs
Cheers, John T.
"Morgan Toal" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
Hi there,
I switched servers yesterday. The old server was running 2.2.7a-1 on RedHat 8.0. The new server is 3.0.8-0.pre1.3 on Fedora Core 3.
I did the migration by copying the following: /etc/passwd /etc/group /etc/shadow /etc/samba/*
I then copied /home and fixed all the permissions on stuff.
I then started up samba on the new server, and unplugged the old one.
Most everything went smoothly, everyone could log in, we did not have to re-join client comptuters to the domain.
However, I am not understanding why my domain administrator accounts are now not getting local administrator priveleges when logged in. This always worked fine on Samba 2.2.7a-1!
I now cannot, when logged in on a W2K workstation as a domain user called "nsu", which is a member of "domain admins", modify files in C:\WINNT, or modify the local registry, etc.
On a W2K orkstation, In the Local Users and Groupsd8ï applet I can see that the local "Administrators" does in fact contain "PD/Domain Admins" and it gines a partial listing of the group's SID.
I cannot confirm if this is the same SID as my SID in samba for "Domain Admins". It should be the same, right? Can anyone suggest a tool I could use to confirm this?
I *really* don't want to have to add a domain group of people who should be local administrator to the local administrators group on each workstation, as we have quite a number of workstations, so I have not tried this yet...
Can someone else suggest something for me to check or try? Thanks!
mtoal
------------------------------------------------------------------------- ----------------
[EMAIL PROTECTED] ~]# net groupmap list System Operators (S-1-5-32-549) -> -1 Domain Users (S-1-5-21-2634632689-992284068-1313363551-513) -> -1 Domain Admins (S-1-5-21-2634632689-992284068-1313363551-512) -> domainadmin Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Domain Guests (S-1-5-21-2634632689-992284068-1313363551-514) -> -1 Domain Users (S-1-5-21-3505514775-834951346-1128776050-513) -> -1 Domain Admins (S-1-5-21-3505514775-834951346-1128776050-512) -> -1 Domain Guests (S-1-5-21-3505514775-834951346-1128776050-514) -> -1 Power Users (S-1-5-32-547) -> -1 Print Operators (S-1-5-32-550) -> domainadmin Administrators (S-1-5-32-544) -> domainadmin cid (S-1-5-21-2634632689-992284068-1313363551-2045) -> cid Account Operators (S-1-5-32-548) -> -1 seint (S-1-5-21-2634632689-992284068-1313363551-2157) -> seint Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> -1
------------------------------------------------------------------------- ----------------
[EMAIL PROTECTED] ~]# cat /etc/samba/smb.conf
log level = 4
netbios name = pd1 workgroup = pd
os level = 200 preferred master = no domain master = yes local master = no
wins support = no wins server = 192.168.18.14 name resolve order = wins lmhosts enhanced browsing = no
security = user encrypt passwords = yes
domain logons = yes logon path = logon drive = Z: logon home = \\%L\%u logon script = logon.bat
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
use client driver = yes
host msdfs = yes
guest account = guest map to guest = bad user
username map = /etc/samba/smbusers admin users = @domainadmin
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
