---------- Forwarded message ---------- From: Edward Luck <[EMAIL PROTECTED]> Date: Jan 12, 2006 7:06 PM Subject: Re: [Samba] problem with administrator accounts To: "Chris St. Pierre" <[EMAIL PROTECTED]>
You need to map your Domain Admins group to a Linux group which the root user is a member of. Here's a couple of things I have noticed: 1. User account "root" always gets a RID of 1000, not 500. So, there is effectively no "Administrator" user account. 2. You need to map the group "Domain Admins" to a unix group (preferrably named "ntadmins", which root is a member of. With the above settings, I was able to add machines to the domain as the user "root". Remember that the User RID of "500" in Windows has special privileges - much like any account in UNIX with a userID of "0" is considered the superuser. Because there is no account in Samba which has a RID of 500, you need to assign Administrator privileges based on group membership - Domain Admins to be precise. On 1/12/06, Chris St. Pierre <[EMAIL PROTECTED]> wrote: > I have a small domain with a Samba PDB and two Windows clients. My > goal is to have all accounts held centrally on the Linux box, but the > administrator login doesn't work as an administrator. > > That is, I can login just fine as 'administrator' (or as any of the > other accounts in the Samba password db), but I don't get > administrative privileges in Windows. > > In smb.conf, I have: > > admin users = root > username map = /etc/samba/smbusers > > In smbusers, I have: > > root = administrator > > The username mapping appears to occur, but 'administrator' (now > 'root') does not receive admin privileges in Windows. (This leads to > quite a bind, because I can't login as administrator to take the > computer out of the domain and add a local administrator account.) > > Any ideas? Thanks! > > Chris St. Pierre > Unix Systems Administrator > Nebraska Wesleyan University > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- Keep flying, and stay shiny. -- Keep flying, and stay shiny. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
