On Friday 26 September 2008 14:34:31 Jesse Stone wrote: > Hi David, > > I'm not sure about your response but I research it shortly. > > In regards to John's response, I did change it slightly (I am trying to not > use room) > net groupmap add ntgroup="Domain Admins" unixgroup=domainadmins > net groupmap add ntgroup="Domain Users" unixgroup=domainusers > net groupmap add ntgroup="Domain Guests" unixgroup=nogroup > I have then added two people into the domainadmins group (which I created) > and 1 person into the domainusers group. The users on the domainadmins > group can connect to the domain (if I use the root user to add them which I > want to change) but they cannot save their profiles. > > I belive this is due to the permissions on the folders: > rwxrwxr-x 2 root domainusers 4096 2008-09-25 12:43 netlogon > drwxrwxr-x 3 root domainusers 4096 2008-09-26 01:40 profiles > > I could see how it would work if I kept things as they are as domain admins > would be in the root group and would have access to the folder but since I > am tryig to not use the root group I am at a loss how to set the > permissions on these folders. > > I haven't been able to try the user that is in the domainusers group as > that use runs Kubuntu and I'm not sure how to add a Linux machine onto the > domain. > > Thanks for both your responses! Again, the main goal is to setup a PDC > with roaming profiles without the use of the root account or root group. > > -Jesse > > On Fri, Sep 26, 2008 at 11:18 AM, David Markey <[EMAIL PROTECTED]> wrote: > > net rpc rights grant <username> SeMachineAccountPrivilege > > > > On Fri, Sep 26, 2008 at 7:11 PM, John Drescher <[EMAIL PROTECTED]>wrote: > >> On Fri, Sep 26, 2008 at 1:59 PM, Jesse Stone <[EMAIL PROTECTED]> > >> > >> wrote: > >> > Please don't flame me. I did attempt to search before posting this > >> > >> question > >> > >> > (through Gmail), if there's a better way, please let me know! > >> > > >> > I followed this article for implementing a Samba PDC: > >> > http://www.howtoforge.com/samba_setup_ubuntu_5.10_p4 > >> > > >> > Question 1) The only accout that appears to be able to add an account > >> > >> onto > >> > >> > the domain is the root account. There must be a way to change that to > >> > a standard account. I'm using Ubuntu and do not use the root account > >> > for anything. > >> > > >> > I've tried changing "root = Administrator" in /etc/samba/smbusers to > >> > "otheruser = Administrator" but that doesn't seem to do it. > >> > >> Did you do this: > >> net groupmap modify ntgroup="Domain Admins" unixgroup=root > >> net groupmap modify ntgroup="Domain Users" unixgroup=users > >> net groupmap modify ntgroup="Domain Guests" unixgroup=nogroup > >> > >> And assign users to the Domain Admins group? > >> > >> John > >> -- > >> To unsubscribe from this list go to the following URL and read the > >> instructions: https://lists.samba.org/mailman/listinfo/samba
Please refer to chapter 15 of the Samba3-HOWTO available from: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf Any user can be granted the right to add users, add machines, or any other privilege from a Windows client using the "net rpc rights grant" toolset. Cheers, John T. -- John H Terpstra "Don't do as I do; Show me better!" - Anonymous. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
