thr3ads.net - samba - [Samba] Samba 3 - domain admins (not root)? [Mar 2004]

If this information is useful, please help other people find it:
Share via:

Jonathan Baker-Bates TMS

2004-Mar-08 17:34 UTC

[Samba] Samba 3 - domain admins (not root)?

I'm trying to work out how I can create domain administrators with Samba 3.

I currently have the following in smb.conf

    domain admin group = @smbadmins
    domain admin users = root jbb

User "root" can do administrator stuff on the domain and any local
machines
it logs in on. Now I want to make a user a member of the administrators
group for the domain, so I've added them as a domain admin as above, and to
the smbadmins group, but when they log in to the domain. they don't get any
admin rights.

Can anyone tell me what needs doing to achieve this?

Thanks,

Jonathan

Gémes Géza

2004-Mar-08 18:26 UTC

head link

[Samba] Samba 3 - domain admins (not root)?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jonathan Baker-Bates TMS ?rta:
| I'm trying to work out how I can create domain administrators with
Samba 3.
|
| I currently have the following in smb.conf
|
|     domain admin group = @smbadmins
|     domain admin users = root jbb

You are wrong in Samba3 there is a complete group mapping posibility,
not just the possibility of mapping domain admins, like in 2.2.x.
So:
first)  Remove that two lines from your smb.conf
second) Depending on your passdb backend, there could be two cases:
	A) passdb backend = smbpasswd (default, if not specified) or tdbsam. In
this case samba populates its database with all the entries found on a
Windows DC, you could see them with net groupmap list. You can (you need
to do) modify this default group mappings with net groupmap modify
ntgroup=... unixgroup=...
	B) passdb backend =ldapsam you need to add all the groupmaping by hand
with net groupmap add sid=... unixgroup=... Remember: Domain Admins
SID=Domain SID-512 Domain Users SID=Domain SID-513 Domain Guests
SID=Domain SID-514

Good Luck, and have a pleasant experience with Samba3, it is realy a big
improvment since the 2.2 line, in many areas.

Geza
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFATLqc/PxuIn+i1pIRAshHAKCR9xQtFdn3+PyfXiBaHLLak6wJmQCfWImc
TKYVaWx/XRzTHkgCw+lCJoY=u8n0
-----END PGP SIGNATURE-----

Apparently Analagous Threads

Search for more reasonably related threads

samba - Mar 2004 - Samba 3 - domain admins (not root)?

[Samba] Samba 3 - domain admins (not root)?

[Samba] Samba 3 - domain admins (not root)?

Apparently Analagous Threads