Sorry if I'm being dense, but how do I map groups? I can't find anything in the smb.conf man page about group mapping (except with idmap, which isn't what I want). I'm using an older version of Samba -- 3.0.13 -- which is prebuilt for SuSE 9.3, and I'm lazy and didn't want to build my own. Do I need to upgrade to a newer version to get the functionality I want? Thanks!
Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University 402.465.7549 On Thu, 12 Jan 2006, Edward Luck wrote: >You need to map your Domain Admins group to a Linux group which the >root user is a member of. > >Here's a couple of things I have noticed: > >1. User account "root" always gets a RID of 1000, not 500. So, there >is effectively no "Administrator" user account. >2. You need to map the group "Domain Admins" to a unix group >(preferrably named "ntadmins", which root is a member of. > >With the above settings, I was able to add machines to the domain as >the user "root". > >Remember that the User RID of "500" in Windows has special privileges >- much like any account in UNIX with a userID of "0" is considered the >superuser. Because there is no account in Samba which has a RID of >500, you need to assign Administrator privileges based on group >membership - Domain Admins to be precise. > >On 1/12/06, Chris St. Pierre <[EMAIL PROTECTED]> wrote: >> I have a small domain with a Samba PDB and two Windows clients. My >> goal is to have all accounts held centrally on the Linux box, but the >> administrator login doesn't work as an administrator. >> >> That is, I can login just fine as 'administrator' (or as any of the >> other accounts in the Samba password db), but I don't get >> administrative privileges in Windows. >> >> In smb.conf, I have: >> >> admin users = root >> username map = /etc/samba/smbusers >> >> In smbusers, I have: >> >> root = administrator >> >> The username mapping appears to occur, but 'administrator' (now >> 'root') does not receive admin privileges in Windows. (This leads to >> quite a bind, because I can't login as administrator to take the >> computer out of the domain and add a local administrator account.) >> >> Any ideas? Thanks! >> >> Chris St. Pierre >> Unix Systems Administrator >> Nebraska Wesleyan University >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/listinfo/samba >> > > >-- >Keep flying, and stay shiny. > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
