John H Terpstra wrote: > On Monday 03 July 2006 13:45, Steve A wrote: >> This is part of a larger post that was maybe too complicated for me to >> get the right answer, so I'm breaking it down and will do it bit by bit. >> >> Server is Samba-3 PDC, clients are NT4 & XP. >> >> I can join the domain using root credentials (so the add machine script >> works), but not when using 'administrator'. >> >> unixuser 'administrator' has primary unixgroup 'ntadmins'. >> 'ntadmins' is mapped to sambagroup 'Domain Admins'. >> Samba 'administrator' has SID from <net getlocalsid>-500 >> >> I cannot join the domain using 'administrator' - I get error "The machine >> account for this computer either does not exist or is anaccessible". But >> if I change the unix uid/gid for 'administrator' - it works. >> >> So... >> >> 1. >> To clarify, does Samba automatically map usernames in smbpasswd to >> identical unix usernames? >> >> 2. >> I was referred to the 'net' command to map some NT rights to NT groups. >> However, when I type 'net rpc rights list accounts' there are no domain >> groups listed, only 'BUILTIN\...' groups. Is this correct? Because I >> would like to add the SeMachineAccountPrivilege to the >> DOMAIN\Administrators group (if that's the right way to solve my >> problem). >> > > Suggest you read the chapter in the Samba3-HOWTO regarding User Rights and > Privileges. The answer to your question is in there.
Thanks for the reply John, but I bought your book specially. Either it doesn't answer all my questions, or I'm clearly misunderstanding it. I tried all this stuff but there was no way I could get it to say "Successfully granted rights", although it would appear to successfully remove them even though the 'list accounts' wouldn't show them. I started from scratch and at this stage it now works. I don't know what was wrong but hey... Steve :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
