I'm having trouble with the access:
net -S localhost -U% rpc rights list accounts
BUILTIN\Administrators
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege
So, there's several features available to the build in Administrators group.
Are you saying this line in the smb.conf adds that status to a given user:
admin users = myuser
as in:
admin users = bobtheadminguy
tail -f /var/log/samba/log.wb-BUILTIN
[2008/08/01 01:43:00, 1] nsswitch/winbindd_util.c:trustdom_recv(230)
Could not receive trustdoms
[2008/08/01 01:54:39, 0]
nsswitch/winbindd_dual.c:async_request_timeout_handler(181)
async_request_timeout_handler: child pid 4520 is not responding.
Closing connection to it.
[2008/08/01 01:54:39, 1] nsswitch/winbindd_util.c:trustdom_recv(230)
Could not receive trustdoms
[2008/08/01 02:16:31, 0]
nsswitch/winbindd_dual.c:async_request_timeout_handler(181)
async_request_timeout_handler: child pid 4766 is not responding.
Closing connection to it.
[2008/08/01 02:16:31, 1] nsswitch/winbindd_util.c:trustdom_recv(230)
Could not receive trustdoms
Upon deeper investigation, I'm seeing other errors.
Here's it appears I've got a failure in winbind. I don't know what
it's
complaining about specifically, but obviously something isn't configured
correctly.
Here's my config:
[global]
workgroup = MYGROUP
server string = Samba Server
netbios name = THEBOX
security = user
hosts allow = 192.168.1. 192.168.2. 127. 10.10.10.
log file = /var/log/samba/log.%m
max log size = 50
passdb backend = tdbsam
local master = yes
os level = 65
domain master = yes
preferred master = yes
domain logons = yes
wins support = yes
hide unreadable = yes
hide dot files = yes
; dns proxy = no
nt acl support = yes
inherit acls = yes
; map acl inherit = yes
; enable privileges = yes
admin users = adminuser
Opinions welcome.
Right now, I can't seem to add a system as a "trusted machine,"
and it
gives me the error that it can't find the name. I assume this meant the
user name I added on the line [admin users = adminuser]. Windows XP Pro
just waits a bit and says it can't find the user -- like the user I've
logged in with doesn't exist. BTW, as long as I'm not trying to add the
machine to the domain, I can view the share through Network Neiborhood.
It even asks for a u/p and logs me in. I've not yet been able to test
adding/removing files.
--
Jason A. Nunnelley
JasonN.com is my website - all opinions expressed were mine at some point.
