Re: [Samba] Local Administrator access

2012-11-27 Thread Knut Olav Bøhmer
Hi,

I'm sorry about the last mail. It was incomplete.
It was not me who installed the machine. And from what I can see, no local
users were created.

So when I installed a new samba domain controller I was not able to log in
to that computer.

So I took the old SID and put it into a new (temporary, on my laptop)
samba server, and copied the old machine account password.
Then I was able to log in. But the user I created on the samba server does
not have local administration rights on the Windows client.

And now, when composing this email, gathering information about my setup
(and a good night's sleep), I discover that the user I used to access the
computer was set to another domain. I found this out by pdbedit -Lv knobo

Thank you for the help :) Without you I would not have figured it out ;)
(maybe)

Best regards
Knut Olav Bøhmer

-- 
Knut Olav Bøhmer
41 000 108
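
The check that resolved this thread (an account whose passdb `Domain` field pointed at another domain), generalised to every account and to the SID prefix as well. This is an added example, not part of the original mails: the helper name `check_pdb_domain`, the SIDs and the `LAPTOP` domain name are constructed, and the sample is trimmed to the three `pdbedit -Lv` fields the check reads.

```shell
#!/bin/sh
# Added example (not from the thread): flag passdb accounts whose Domain field
# or SID prefix does not match the domain this server is supposed to serve.

# check_pdb_domain EXPECTED_DOMAIN EXPECTED_DOMAIN_SID  (hypothetical helper)
# Reads `pdbedit -Lv` text on stdin, prints "<user> domain=<d> sid=<s>"
# for every account that does not belong to the expected domain.
check_pdb_domain() {
    awk -v dom="$1" -v sid="$2" '
        function value(line) {           # text after the first "label:"
            sub(/^[^:]*:[ \t]*/, "", line); sub(/[ \t\r]+$/, "", line)
            return line
        }
        function report(   prefix) {     # emit the pending record if it is off
            if (user == "") return
            prefix = usid; sub(/-[0-9]+$/, "", prefix)   # user SID minus RID
            if (toupper(udom) != toupper(dom) || prefix != sid)
                printf "%s domain=%s sid=%s\n", user, udom, usid
            user = ""; udom = ""; usid = ""
        }
        /^Unix username:/ { report(); user = value($0) }
        /^User SID:/      { usid = value($0) }
        /^Domain:/        { udom = value($0) }
        END               { report() }
    '
}

# Constructed sample input (SIDs and the LAPTOP domain name are made up).
sample_pdbedit() {
    cat <<'EOF'
---------------
Unix username:        alice
User SID:             S-1-5-21-1111111111-2222222222-3333333333-3000
Domain:               SKOLELINUX
---------------
Unix username:        knobo
User SID:             S-1-5-21-1111111111-2222222222-3333333333-3002
Domain:               LAPTOP
---------------
Unix username:        bob
User SID:             S-1-5-21-4444444444-5555555555-6666666666-3004
Domain:               SKOLELINUX
EOF
}

# Real use: pdbedit -Lv | check_pdb_domain SKOLELINUX "<domain SID>"
sample_pdbedit | check_pdb_domain SKOLELINUX S-1-5-21-1111111111-2222222222-3333333333
```

On a live server the expected domain SID is the value reported by `net getlocalsid`.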
[Samba] Local Administrator access

2012-11-26 Thread Knut Olav Bøhmer
Hi,

I have a Windows 7 machine without a local administrator account.
I need to create such an account. I can log in to the machine with a user
on my samba domain.

What do I need to do in order to get administrator access, or access to
create a local administrator account?

I have tried to do this:

[root@float samba]# net rpc group addmem Administrators 'DOMAIN\username'
Enter root's password:
Could not add SKOLELINUX\knobo to Administrators: NT_STATUS_NO_SUCH_ALIAS

I have tried to give some rights this way:

net rpc rights grant 'DOMAIN\username' SeMachineAccountPrivilege
SeAddUsersPrivilege SeDiskOperatorPrivilege SeSecurityPrivilege
SeUndockPrivilege SeImpersonatePrivilege SeCreateGlobalPrivilege
SePrintOperatorPrivilege SeCreateGlobalPrivilege
SeEnableDelegationPrivilege  SeUndockPrivilege  SeTakeOwnershipPrivilege

And it does what I tell it:
[root@float samba]# net rpc rights list knobo
Enter root's password:
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege
SeSecurityPrivilege
SeSystemProfilePrivilege
SeUndockPrivilege
SeImpersonatePrivilege
SeCreateGlobalPrivilege
SeEnableDelegationPrivilege


But I'm still prompted for username and password, when I try to access the
user accounts in Windows 7.

Any suggestions?


Regards
-- 
Knut Olav Bøhmer
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Local Administrator access

2012-11-26 Thread Gaiseric Vandal
With Windows7, the 1st account you create  during the initial setup is 
typically a member of the local admin group.  The actual Administrator 
account is normally disabled.  Did this 1st account get deleted?


When you joined the domain, the Domain Admin's groups should have been 
added to the local Admin group.


This can get messed up if your group mappings are not set up correctly.

Also, I think when running the net command you may want to use -U 
Administrator to use the credentials of your domain Administrator 
account  (assuming one has been defined.)  In my setup the unix root 
does not have a samba account.







Re: [Samba] Local Administrator access

2012-11-26 Thread Gaiseric Vandal
Have you tried logging into the PC using the samba domain administrator 
account?


Assuming the PC was properly joined to the domain then you should be 
able to configure the local accounts and groups.


You can create a domain group that is then a member of the PC's local 
administrator group.  This will allow you to define samba users who are 
PC administrators but NOT domain administrators.


Whoever joins a PC to a domain needs to be both a local administrator 
on that computer and (in most cases) have domain administrator 
credentials.  (If the machine account was created in advance then the 
domain administrator credentials should not be needed.)


Are you sure the PC was joined to the domain?



On 11/26/12 10:51, Knut Olav Bøhmer wrote:
> 2012/11/26 Gaiseric Vandal gaiseric.van...@gmail.com
>
>> With Windows7, the 1st account you create  during the initial
>> setup is typically a member of the local admin group.  The actual
>> Administrator account is normally disabled.  Did this 1st
>> account get deleted?
>
> I did not install the computer. How can I find out if there is such a
> user? But, I don't have the password anyway.
>
>> When you joined the domain, the Domain Admin's groups should have
>> been added to the local Admin group.
>
> Ok, so the trick is to get my user a member of the Domain Admins group.
>
>> This can get messed up if your group mappings are not set up
>> correctly.
>>
>> Also, I think when running the net command you may want to use
>> -U Administrator to use the credentials of your domain
>> Administrator account  (assuming one has been defined.)  In my
>> setup the unix root does not have a samba account.




