Kaleb Pederson
2003-Oct-15 20:20 UTC
[Samba] net groupmap modify ntgroup="Domain Admins" ... succeeds but fails
After reading through the documentation, I realized that as a part of the migration process from Samba-2.2.X to Samba-3.0.0 I needed to convert everyone in my smbadmin group (previously domain admin group = @smbadmin) to the "Domain Admins" group w/rid=512. So, I issued the following command:

[root@localhost profile]# net groupmap modify ntgroup="Domain Admins" unixgroup=smbadmin

The command succeeded, as was evidenced by net groupmap list:

[root@localhost profile]# net groupmap list
System Operators (S-1-5-32-549) -> -1
...
Domain Admins (S-1-5-21-3270268339-1200857648-3960152354-512) -> smbadmin

My understanding of the documentation is that the Domain Admins group is automatically added to the Administrators on all machines that are a member of the domain; however, when I try to log into any of these machines as an administrator, I authenticate successfully but am not considered to be an administrator.

To get around this for now, I logged onto the given local machine, went to the user management section, and added the individual account to the Administrators group. This is a rough hack, but works.

What am I doing wrong? How come I'm an administrator without any administrator permissions?

Thanks.

--Kaleb
Stéphane Purnelle
2003-Oct-15 20:26 UTC
[Samba] net groupmap modify ntgroup="Domain Admins" ... succeeds but fails
Kaleb Pederson wrote:
> After reading through the documentation, I realized that as a part of the
> migration process from Samba-2.2.X to Samba-3.0.0 I needed to convert
> everyone in my smbadmin group (previously domain admin group = @smbadmin) to
> the "Domain Admins" group w/rid=512. So, I issued the following command:
>
> [root@localhost profile]# net groupmap modify ntgroup="Domain Admins"
> unixgroup=smbadmin
>
> The command succeeded, as was evidenced by net groupmap list:
>
> [root@localhost profile]# net groupmap list
> System Operators (S-1-5-32-549) -> -1
> ...
> Domain Admins (S-1-5-21-3270268339-1200857648-3960152354-512) -> smbadmin
>
> My understanding of the documentation is that the Domain Admins group is
> automatically added to the Administrators on all machines that are a member
> of the domain; however, when I try to log into any of these machines as an
> administrator, I authenticate successfully but am not considered to be an
> administrator.
>
> To get around this for now, I logged onto the given local machine, went to the
> user management section, and added the individual account to the
> Administrators group. This is a rough hack, but works.
>
> What am I doing wrong? How come I'm an administrator without any
> administrator permissions?
>
> Thanks.
>
> --Kaleb

Is administrator a member of the smbadmin group?
tcg
2003-Oct-15 20:31 UTC
[Samba] net groupmap modify ntgroup="Domain Admins" ... succeeds but fails
On Wednesday 15 October 2003 16:20, Kaleb Pederson wrote:
> What am I doing wrong? How come I'm an administrator without any
> administrator permissions?

I think I had to restart Samba after doing this to make it effective.

--
Chris
Do not reply to the email address. Please use the contact page below for any desired direct replies. Apologies for the inconvenience.
realcomputerguy dot com slash contact dot html
Kaleb Pederson
2003-Oct-15 20:45 UTC
[Samba] net groupmap modify ntgroup="Domain Admins" ... succeeds but fails
On Wednesday 15 October 2003 01:29 pm, you wrote:
> On Wednesday 15 October 2003 16:20, Kaleb Pederson wrote:
> > What am I doing wrong? How come I'm an administrator without any
> > administrator permissions?
>
> I think I had to restart Samba after doing this to make it effective.

Thanks Chris, that did it! For some reason I assumed that since it was associated with the user that it would be read in as soon as I logged back in and didn't require a samba restart? Apparently that's not the case.

Thanks again.

--Kaleb