Hi, my root is a member of the Domain Admins:
[EMAIL PROTECTED]:/etc/ldap# id root uid=0(root) gid=0(root) groups=0(root),513(Domain Users),1013(Apps),1016(Application RelaX),1017(Terminal Server Users),1112(Applications),1120(Application Aura),512(Domain Admins) [EMAIL PROTECTED]:/etc/ldap# net rpc user info root Password: Domain Users Domain Admins Apps Application RelaX Terminal Server Users Applications Application Aura [EMAIL PROTECTED]:/etc/ldap# net rpc rights list root Password: <no output> but still doesn't get the rights from the domain admins groups: net groupmap list: ..... Domain Admins (S-1-5-21-2651798370-710026074-3531216960-512) -> Domain Admins ..... I will try ldap debug later today. On Thu, Jul 24, 2008 at 11:14 AM, Thuan Tran <[EMAIL PROTECTED]> wrote: > Thanks Stefan, this fix my problem which was described here > http://article.gmane.org/gmane.network.samba.general/99631 and here > http://article.gmane.org/gmane.network.samba.general/99649 too. > > On Thu, Jul 24, 2008 at 1:27 PM, Stefan Dengscherz < > [EMAIL PROTECTED]> wrote: > > > Hello Jeroen, > > > > > > I just had the same problem you described. The cause of it was, that > > the LDAP configuration on my new os (Ubuntu 8.04) included an option > > to ignore the root user from LDAP: > > > > nss_initgroups_ignoreusers > > > > > backup,bin,daemon,dhcp,games,gnats,irc,klog,libuuid,list,lp,mail,man,mysql,news,openldap,proxy,sshd,statd,sync,sys,syslog,uucp,www-data > > > > in /etc/ldap.conf. I can't remember if it was the stock config file or > > if I added it following some howto. However the root user on the > > server side was not a member of the 'Domain Admins' group because the > > data came from /etc/passwd. I removed root from the ignore list and it > > worked. > > > > Just check on your PDC, if the root user is really a member of the > > 'Domain Admins' group with 'id root' - if not - there's your problem. > > > > > > Kind regards, > > > > -sd > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
