On Tue, Feb 08, 2005 at 01:08:31PM -0600, Gerald (Jerry) Carter wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Paul Griffith wrote: > | Greetings, > | > | We have home grown user management backend system, > | and I have ported our v2.2.x passdb over to v3 type plugin. > | I am able to access files and print using our backend. > | I am running into trouble joining PCs to the domain. > | > | I am assuming the primary problem is that our > | backend system doesn't have a 'root' user. > | > | I was hoping that assigning SeMachineAccountPrivilege > | to our tech members would be enough to allow our tech > | members to join computers to our domain. > | > ... > | > | So the question is it possible to gant rights > | without using the Samba root user? Any other suggestions? > > Paul, > > Create a group mapping for the Domain Admins group. E.g. > > net groupmap modify ntgroup="Domain Admins" unixgroup="ntadmins" > > now any member of the ntadmins unix group will be able > to assign privileges. > > > cheers, jerry
Thanks, but still no go. 1 - I am now a member of ntadmins. % id uid=2381(paulg) gid=1000(tech) groups=1000(tech),512(ntadmins),5001(intern),11000(macadm),32000(tdb),32030(webapp),31002(wwwprism) 2 - as root I then did this: net groupmap modify ntgroup="Domain Admins" unixgroup="ntadmins" net groupmap list System Operators (S-1-5-32-549) -> -1 Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Domain Admins (S-1-5-21-1048414848-xxxxxxxxxxxx-xxxxxxxxxx-512) ->ntadmins Domain Guests (S-1-5-21-1048414848-xxxxxxxxxxxx-xxxxxxxxxx-514) -> -1 Power Users (S-1-5-32-547) -> -1 Print Operators (S-1-5-32-550) -> -1 Administrators (S-1-5-32-544) -> -1 Account Operators (S-1-5-32-548) -> -1 Domain Users (S-1-5-21-1048414848-xxxxxxxxxxxxxx-xxxxxxxxxx-513) -> -1 Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> -1 3 - Now try to assign SeMachineAccountPrivilege to paulg net rpc rights grant 'PAULWG\paulg' SeMachineAccountPrivilege Password: [2005/02/08 15:19:48, 0, effective(5989, 6000), real(5989, 6000)] rpc_client/cli_pipe.c:rpc_api_pipe(435) cli_pipe: return critical error. Error was Call returned zero bytes (EOF) [2005/02/08 15:19:48, 0, effective(5989, 6000), real(5989, 6000)] rpc_client/cli_pipe.c:rpc_api_pipe(435) cli_pipe: return critical error. Error was Call returned zero bytes (EOF) Anymore tips or suggestions ? Thanks Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
