have you put them in a unix group and then ran net groupmap add
ntgroup="Domain Admins" unixgroup=whatever type=d or tried net -S DOMAIN
-U root%password rpc rights grant "DOMAIN\Domain Admins"
SeDiskOperatorPrivilege
then look on page 441 of Samba-3 By Example.pdf on how to use Computer
Management snap in to get to the Shares.
Steven Whaley wrote:
We have two samba boxes using ads security in a windows domain, and
would like for members of the Domain Admins group to be able to create
shares on the samba boxes using the Computer Management snap-in. When I
attempt to do this I get access denied errors. Is this possible, and if
so, how would I go about setting it up?
Here is the relevant portion from smb.conf
[global]
workgroup = DOMAINNAME
security = ads
realm = DOMAINNAME
password server = pw.domain.com
encrypt passwords = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
netbios name = HOSTNAME
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
# W2K3-SP1 / W2K-SP4-SR1 COMPATIBILITY WORKAROUND
# The following statement turns off Samba's attempts to use netlogon
# schannel when connecting as a client to other SMB hosts.
client schannel = no
# GENERAL WINDOWS 2000, 2003, and XP-RELATED COMPATIBILITY SETTINGS
# These two settings tend to improve Samba's compatibility with
newer
# Windows systems:
client use spnego = no
server signing = auto
# prevent conflicts with AD
os level = 1
domain master = no
Thanks!
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
