thr3ads.net - samba - [Samba] Samba 3.0.0 PDC, ldapsam: net groupmap settings for NT4 usermanager and administrative shares [Nov 2003]

If this information is useful, please help other people find it:
Share via:

Gunther Schlegel

2003-Nov-10 12:26 UTC

[Samba] Samba 3.0.0 PDC, ldapsam: net groupmap settings for NT4 usermanager and administrative shares

Hi folks,

Which groupmapping is required to use the NT4 user/server manager tools
on windows? I can start the tools and the correct entries are displayed,
but I cannot open/edit them ( double click gives an access denied
message ).

The PDC logs the following:
rpc_server/srv_samr_nt.c:access_check_samr_object(93) _samr_open_user:
ACCESS DENIED  (requested: 0x000601bf)

This is my group mapping:
Domain Admins (S-1-5-21-...-512) -> administratoren 
Domain Users (S-1-5-21-...-513) -> smbuser
Domain Computers (S-1-5-21-...-515) -> users
Administrators (S-1-5-21-...-544) -> smbadmins

This is my user:
[root@fermat root]# pdbedit -Lv schlegel
Unix username:        schlegel
NT username:          schlegel
Account Flags:        [U          ]
User SID:             S-1-5-21-4157288312-2978303034-1700589767-2200
Primary Group SID:    S-1-5-21-4157288312-2978303034-1700589767-2201
Full Name:            Gunther Schlegel
Home Directory:       \\leibniz\schlegel
HomeDir Drive:        P:
Logon Script:         logon.bat
Profile Path:         \\leibniz\Profiles\schlegel
Domain:               RIEGE
Account desc:         SMB Account von Gunther Schlegel
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          Fri, 13 Dec 1901 21:45:51 GMT
Kickoff time:         Fri, 13 Dec 1901 21:45:51 GMT
Password last set:    Thu, 18 Sep 2003 13:21:49 GMT
Password can change:  Thu, 18 Sep 2003 13:21:49 GMT
Password must change: Fri, 13 Dec 1901 21:45:51 GMT

[root@fermat root]# id schlegel
uid=600(schlegel) gid=600(schlegel)
groups=600(schlegel),1000(administratoren),1004(smbuser),1010(smbadmins)


Second question: Is is possible to map group in a way that the schlegel
user can access a w2k clients administrative share ( \\client\c$ )? I
can access the share with a user I mapped rid 500 to, but that is not
very convenient. ;)

thanks, Gunther

-- 
Gunther Schlegel                    Riege Software International GmbH
Manager System Administration                            Mollsfeld 10
                                             40670 Meerbusch, Germany
Email: schlegel@riege.de                      Phone: +49-2159-9148-0
                                              Fax:   +49-2159-9148-11
---------------------------------------------------------------------

Disclaimer:
You may grab my GPG key from http://www.keyserver.net .
A nonproportional font is recommended for reading.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20031110/13b7961f/attachment.bin

samba - Nov 2003 - Samba 3.0.0 PDC, ldapsam: net groupmap settings for NT4 usermanager and administrative shares

[Samba] Samba 3.0.0 PDC, ldapsam: net groupmap settings for NT4 usermanager and administrative shares