Andrew Gaffney
2003-Dec-12 01:57 UTC
[Samba] adding machines to the domain with Samba 3.0.0
Is there something special I need to do to let root add computers to the domain in 3.0? When I try to add the workstation I get an error about 'user not found' even though I can logon to a workstation joined to the domain as 'root'. I was able to add computers to the domain with 2.2.8 with an 'add user command' entry and 'domain admin group = root' in my smb.conf I have root in the 'Domain Admins' group: skyline samba # net groupmap list System Operators (S-1-5-32-549) -> -1 Dispatch (S-1-5-21-124999916-2847287174-2328787173-1831) -> dispatch Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Mechanics (S-1-5-21-124999916-2847287174-2328787173-1827) -> mech Instructors (S-1-5-21-124999916-2847287174-2328787173-1837) -> instructors Accounting (S-1-5-21-124999916-2847287174-2328787173-1829) -> accounting Domain Admins (S-1-5-21-124999916-2847287174-2328787173-512) -> domainadmins Domain Guests (S-1-5-21-124999916-2847287174-2328787173-514) -> domainguests Domain Users (S-1-5-21-124999916-2847287174-2328787173-513) -> domainusers Power Users (S-1-5-32-547) -> -1 Print Operators (S-1-5-32-550) -> -1 Administrators (S-1-5-32-544) -> domainadmins Account Operators (S-1-5-32-548) -> -1 Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> -1 skyline samba # cat /etc/group | grep domainadmins domainadmins:x:412:root I tried to use 'User Manager for Domains' to grant 'Domain Admins' the right to 'Add workstations to the domain' but I got an error when I hit OK that said something about not being able to take away local logon right to the local Administrators group. I tried mapping the existing 'Administrators' group to the unix group 'domainadmins' and then specifically granting the 'Administrators' group the right to Logon Locally, but I still get the error. Can anyone help? -- Andrew Gaffney
WinXperts
2003-Dec-12 03:18 UTC
[Samba] Re: adding machines to the domain with Samba 3.0.0
domain admins group is not supported in samba 3, you will need to map windows groups to linux/unix groups using the NET command. something like this : net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmin net groupmap modify ntgroup="Domain Users" unixgroup=users net groupmap modify ntgroup="Domain Guests" unixgroup=nobody net groupmap modify ntgroup="Administrators" unixgroup=root net groupmap modify ntgroup="Users" unixgroup=users net groupmap modify ntgroup="Guests" unixgroup=nobody net groupmap modify ntgroup="System Operators" unixgroup=sys net groupmap modify ntgroup="Account Operators" unixgroup=ntadmin net groupmap modify ntgroup="Backup Operators" unixgroup=bin net groupmap modify ntgroup="Print Operators" unixgroup=lp net groupmap modify ntgroup="Replicators" unixgroup=daemon net groupmap modify ntgroup="Power Users" unixgroup=sys Check the samba how-to. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-Santos Soler MCP, Network+, A+ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=