I have a new Debian testing machine running the Debian Samba 3.0.5.
Everything seems OK except that I cannot get users to have domain admin
rights. I have Windows XP workstations. The workstations join and log
onto the domain fine.
A "net groupmap list" yields:
server:/home/tnolen# net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Users (S-1-5-21-3876029557-4061927837-2224609541-513) -> users
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> domadm
Domain Admins (S-1-5-21-3876029557-4061927837-2224609541-512) -> domadm
Account Operators (S-1-5-32-548) -> -1
Domain Guests (S-1-5-21-3876029557-4061927837-2224609541-514) -> nogroup
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
My user, for example, is in the domadm group:
server:/home/tnolen# groups tnolen
tnolen : users domadm
I have tried several combinations of group mappings but all yield the
same result. Basically, the user is just a regular user.
When the workstations join the domain, the Domain Admins group DOES get
added to the local Administrators group as it should.
I've checked Debian's website to see if this is a known bug with their
version of Samba, but there is no mention of it.
Relevant parts of smb.conf:
[global]
workgroup = SRB
server string = %h server
interfaces = 192.168.1.254/24
bind interfaces only = Yes
passdb backend = smbpasswd, guest
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
unix password sync = Yes
syslog = 0
max log size = 1000
name resolve order = wins lmhosts host bcast
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096
SO_RCVBUF=4096
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s
/bin/false -M %u
add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s
/bin/false -M %u
logon script = startup.bat
logon path logon home domain logons = Yes
os level = 60
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
panic action = /usr/share/samba/panic-action %d
hosts allow = 192.168.1.
use client driver = Yes
[netlogon]
path = /etc/samba/netlogon
browseable = No
[shared]
comment = Shared files
path = /home/shared
read only = No
force create mode = 0777
force directory mode = 0777
Any help would be greatly appreciated.
Trey Nolen