samba - Nov 2005 - how a domain user can become a local administrator ?

Hi list,

I'm using Samba wit a LDAP server. Everything works fine, but I'd like 
to know how I can declare a user or a group user as an administrator of 
the workstation he/she is logged in.
I tried to modify the guid and the SambaSID in the ldap server, but it 
doesn't work. Is there another solution than to declare locally on the 
workstation that such group must be of the local administrators group ?

Thanx in advance,
Val?ry Roch?

hi,

please have a look at
[Samba] Embedding a "Domain Group" in "Domain
Administrators" ???

greez

Val?ry Roch? wrote:
> Hi list,
> 
> I'm using Samba wit a LDAP server. Everything works fine, but I'd
like
> to know how I can declare a user or a group user as an administrator of 
> the workstation he/she is logged in.
> I tried to modify the guid and the SambaSID in the ldap server, but it 
> doesn't work. Is there another solution than to declare locally on the 
> workstation that such group must be of the local administrators group ?
> 
> Thanx in advance,
> Val?ry Roch?
> 

-- 
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137

Hi again,

Hmmm, well, I have some news about my problem.
Here is what I want : I want some Domain Groups to be local 
Administrators on the workstation they're logged in.
By default, all my users are in the Domain Users group. Some of them are 
in a second group. These groups are defined in an LDAP directory.

I'm trying to use CPAU to do this. Here how it should work :

1- on a workstation, I log in as a Domain Admin
2- I create a job file with CPAU like this :
	cpau -u domain\my_admin_account -p password -ex "net localgroup 
\"Administrators\" \"domain\group_I_want_to_be_local_admin\"
/add" -file
job_file.job -enc
3- the file job_file.job is copied on a network share
4- in the logonscript of the users I want to be local admins, I add 
these lines :
	net use z: \\server\job
	cpau -dec -file z:\job_file.job -profile

After succesfull login of a user of this group, I can see its group is 
member of the Local Admins on the workstation. But the user as no Admins 
rights !!! If I loggof this user, and loggin again, this user have admin 
rights.

But if I execute cpau by hand, as a domain users, but by providing a 
Domain Admin account and password, there is no need to logg in again.

What am I doing wrong ?

Sincerely,
Val?ry Roch?

I made a mistake in the prvious mail
> 
> 4- in the logonscript of the users I want to be local admins, I add 
> these lines :
>     net use z: \\server\job
>     cpau -dec -file z:\job_file.job -profile
The last line is :
	cpau -dec -file z:\job_file.job -profile -cwd c:\