thr3ads.net - samba - [Samba] samba-3.0.0-rc4 and Domain Admins [Sep 2003]

If this information is useful, please help other people find it:
Share via:

Alexander Bergolth

2003-Sep-19 10:30 UTC

[Samba] samba-3.0.0-rc4 and Domain Admins

Hi!

I am experiencing problems adding a user (e.g. smbadmin) to the "Domain 
Admins" group on my samba-PDC using the ldapsam backend.

When I add "Domain Admins" as a supplementary group, the Windows 2000 
client doesn't treat smbadmin as an admin. However, using "Domain 
Admins" as the primary group (including setting sambaPrimaryGroupSID as 
"$SID-512") works as expected, the user has administrative rights. 
Additional information is attached below.

Is this a limitation or have I missed anything?

Thanks in advance,
--leo

P.S.:
showgrps from the Resource Kit shows "Domain Admins" regardless of 
wether "Domain Admins" is a primary or supplemental group.

# net groupmap list verbose ntgroup="Domain Admins"
Domain Admins
         SID       : S-1-5-21-181998944-1107627502-2274996074-512
         Unix group: domadmins
         Group type: Domain group
         Comment   :

-------------------- snipp! --------------------
This setup works (primary group):

# net user INFO smbadmin
root password:
Domain Admins
rk

# ldapsearch -x -h localhost -b 'dc=rk-klbg,dc=at'
'(uid=smbadmin)'
[...]
# smbadmin, Users, rk-klbg, at
dn: uid=smbadmin,ou=Users,dc=rk-klbg,dc=at
sn: smbadmin
homeDirectory: /home/smbadmin
loginShell: /bin/bash
gecos: System User
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: smbadmin
uidNumber: 1011
uid: smbadmin
description: System User
mail: Samba.Admin
sambaSID: S-1-5-21-181998944-1107627502-2274996074-3022
sambaAcctFlags: [UX]
sambaPwdCanChange: 2147483647
sambaLogonTime: 0
sambaNTPassword: 957191BA4FCD635074D6D691E76E5512
sambaPwdLastSet: 0
sambaLogoffTime: 2147483647
sambaLMPassword: 14AC900E269621D293E28745B8BF4BA6
sambaKickoffTime: 2147483647
gidNumber: 800
sambaPrimaryGroupSID: S-1-5-21-181998944-1107627502-2274996074-512

-------------------- snipp! --------------------
This setup doesn't work: ("Domain Admins" is a supplementary
group)

net user INFO smbadmin
root password:
rk
Domain Admins

# ldapsearch -x -h localhost -b 'dc=rk-klbg,dc=at'
'(uid=smbadmin)'
[...]
# smbadmin, Users, rk-klbg, at
dn: uid=smbadmin,ou=Users,dc=rk-klbg,dc=at
sn: smbadmin
homeDirectory: /home/smbadmin
loginShell: /bin/bash
gecos: System User
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: smbadmin
uidNumber: 1011
uid: smbadmin
description: System User
mail: Samba.Admin
sambaSID: S-1-5-21-181998944-1107627502-2274996074-3022
sambaAcctFlags: [UX]
sambaPwdCanChange: 2147483647
sambaLogonTime: 0
sambaNTPassword: 957191BA4FCD635074D6D691E76E5512
sambaPwdLastSet: 0
sambaLogoffTime: 2147483647
sambaLMPassword: 14AC900E269621D293E28745B8BF4BA6
sambaKickoffTime: 2147483647
gidNumber: 1000
sambaPrimaryGroupSID: S-1-5-21-181998944-1107627502-2274996074-3001

-- 
-----------------------------------------------------------------------
Alexander (Leo) Bergolth                          leo@leo.wu-wien.ac.at
WU-Wien - Zentrum fuer Informatikdienste       http://leo.wu-wien.ac.at
                  Computers are like air conditioners -
            they stop working properly when you open Windows

Apparently Analagous Threads

Search for more reasonably related threads

samba - Sep 2003 - samba-3.0.0-rc4 and Domain Admins

[Samba] samba-3.0.0-rc4 and Domain Admins

Apparently Analagous Threads

Wisdom of the Ancients