See on the samba howto collection the chapter 15 "User rights and Privileges" . You will find the answer.
----------------------------------- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a écrit sur 23/10/2007 11:36:01 : > Hi all, > > Samba has been running as PDC for some months in a row w/o no issues so > far. > Users and machines were created and added to the domain correctly... > > Now I'm facing the following problem... I hope it's easy to solve... > Although machines have been added to the domain using the root user, and > it's mapped to Administrator in /etc/samba/smbusers, when a situation > like connecting to a remote Windows workstation or unlocking a locked > session using that user comes, the workstation shows a message telling > that I (or the SysAdmin using the root or Administartor account) have no > privileges to do that... > > This is my smb.conf: > > --- > [global] > netbios name = v601 > server string = Volania Six Dominatrix > workgroup = VOLANIASIX.COM > > ; domain & local master browser > ; coz we're dealing with Win2k > os level = 65 > prefered master = yes > domain master = yes > local master = yes > domain logons = yes > wins support = yes > > ; misc options > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 > SO_RCVBUF=8192 > time server = yes > > ; do not show files starting with dots > hide dot files = yes > > ; do not allow guest access, use only local system accounts > security = user > guest ok = no > invalid users = bin deamon sys man postfix mail ftp > admin users = @wheel > > ; use encrypted passwords > encrypt passwords = yes > > ; logging (max log size is in kB) > log level = 2 > log file = /var/log/samba/log.%L > max log size = 1000 > debug timestamp = yes > syslog = 1 > > ; user roaming profiles path > logon path = \\%N\profiles\%U > > logon drive = H: > > ; general logon script (in DOS format) > logon script = %u.bat > > # These scripts are used on a domain controller or stand-alone > # machine to add or delete corresponding unix accounts > add user script = /usr/sbin/useradd %u > add group script = /usr/sbin/groupadd %g > add machine script = /usr/sbin/adduser -n -g users -c > V6-Windows-Machine -d /dev/null -s /bin/false %u > delete user script = /usr/sbin/userdel %u > delete user from group script = /usr/sbin/deluser %u %g > delete group script = /usr/sbin/groupdel %g > username map = /etc/samba/smbusers > > > ; share for domain controller > [netlogon] > path = /usr/lib/samba/netlogon > public = no > writeable = no > browsable = no > valid users = root @smbusers > > ; share for storing user profiles > [profiles] > comment = Network Profiles Share > > path = /usr/lib/samba/profiles > writeable = yes > store dos attributes = yes > create mask = 0700 > directory mask = 0700 > browsable = no > guest ok = no > printable = no > > hide files = /desktop.ini/outlook*.lnk/*Briefcase*/ > valid users = root @smbusers > > [homes] > valid users = %S > read only = No > browseable = No > > --- > > # grep wheel /etc/group > wheel:x:10:root > > > > Any suggestions?? Maybe I've overseen something obvious when Samba was > set up as PDC... > > > TIA, > Martin > > > -- > Martin Mielke - [EMAIL PROTECTED] > Sr. SysAdmin at Casino.com > p: +34 956785288 | f: +34 956794081 | m: +34 677509693 > w: http://www.casino.com/ > > The contents of this email and any attachments are for the intended > recipient(s) only. This email may contain proprietary, confidential, > or otherwise private information belonging to Casino.com (hereafter > referred to as "The Company") or its affiliates. The Company does > not take any responsibility for, or endorse any information which > does not relate to its official business, including personal mail > and/or opinions by senders whether or not they are employed by The > Company. If you receive a message that was not intended for you, > please notify the sender immediately (or forward the email to > [EMAIL PROTECTED]). Do not read, use or disclose the contents in > any way and delete the message immediately. > > The Company will take reasonable precautions but cannot ensure that > this e-mail and any attachments will be free of errors, viruses, > interception or interference. Therefore The Company can not be held > liable for any loss or damages incurred by you which have been > caused by any of the foregoing. No undertaking, guarantee or other > obligation contained in this email or any attachments will bind The > Company unless it is later confirmed in writing. > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
