Hi Samba User Group Maybe that's a stupid question, however i have a severe problem with that. I'm running samba 2.0.4b on suse linux 6.1 and windows nt4 sp4, german version. I need the domain admin to be a member of the local admin group, If I log into the local domain as admin I cannot add the domain admin to the local admin group, because of miising privledges in the domain. If I log into the domain it's the same, because of missing privledges on the local workstation. User Administrator is member of the linux group root. In smb.conf I've set domain admin group = root. I would appreciate any hints for solving my problem# Regards Michael Kramer michael-kramer@franken1.de
Stephen L Arnold
1999-Jun-20 00:36 UTC
How to add an Domain Admin to the local Admin group
On 20 Jun 99, "Michael Kramer" <michael-kramer@franken1.de> had questions about How to add an Domain Admin to the local Admin group:> I need the domain admin to be a member of the local admin group, > If I log into the local domain as admin I cannot add the domain > admin to the local admin group, because of miising privledges in > the domain. If I log into the domain it's the same, because of > missing privledges on the local workstation. > > User Administrator is member of the linux group root. In > smb.conf I've set domain admin group = root.>From the current smb.conf man page:domain admin group (G) This is an EXPERIMENTAL parameter that is part of the unfinished Samba NT Domain Controller Code. It has been removed as of November 98. To work with the latest code builds that may have more support for Samba NT Domain Controller functionality please subscribe to the mailing list Samba-ntdom available by sending email to listproc@samba.org Probably why it's not working. Check and see if you have a username map file specified in smb.conf. You should try the following parameter instead: domain user map (G) This option allows you to specify a file containing unique mappings of individual NT Domain User names (in any domain) to UNIX user names. This allows NT domain users to be presented correctly to NT systems, despite the lack of native support for the NT Security model (based on VAX/VMS) in UNIX. The reader is advised to become familiar with the NT Domain system and its administration. [snip] This option, which provides (and maintains) a one-to-one link between UNIX and NT users, is DIFFERENT from 'username map', which does NOT maintain a distinction between the name(s) it can map to and the name it maps. If you haven't tried this yet, give it a shot Steve ************************************************************* Steve Arnold http://www.rain.org/~sarnold Things go better with Linux and King Crimson.