thr3ads.net - samba - [Samba] domain admin group does not have root privileges on windows 2000 or xp machines [Sep 2004]

If this information is useful, please help other people find it:
Share via:

nomine ignoto

2004-Sep-28 22:52 UTC

[Samba] domain admin group does not have root privileges on windows 2000 or xp machines

I recently upgraded to samba 3 (running on FreeBSD 4.10).  I quickly discovered
the lack of the
domain admins setting from samba 2, and found documentation directing me to use
net groupmap.  So
I've got the domain admins group set to include @wheel:

olympus# net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Users (S-1-5-21-1328167348-507421394-93929189-513) -> domuser
Power Users (S-1-5-32-547) -> -1
Domain Guests (S-1-5-21-1328167348-507421394-93929189-514) -> domguest
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> wheel
Account Operators (S-1-5-32-548) -> -1
Domain Admins (S-1-5-21-1328167348-507421394-93929189-512) -> wheel
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

All the windows boxes in my domain still have their default administrative
shares
(//super1337/c$), and all of them have the domain admin group set to belong to
the admin group
(all this is the default).  However, when I attempt to connect via smblcient:

oh, never mind.  it works now.

but wait... alright, one of the three users in the wheel works.  the other two
still get:

olympus# smbclient -U danh //gandolf/c$ 
Password: 
Domain=[EBCRP] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
tree connect failed: NT_STATUS_ACCESS_DENIED

this is what I was getting for the one user all day until I went to get the
example for this
message.  now it is working and the other two still aren't.  what the bloody
hell is going on
here?  

oh, you know what?  if the group is wheel, it doesn't work, but if I put the
same users in another
group, then it works.  except for one machine which is being retarded and we
don't know why.

the moral of the story?

wheel  + domain admin group in samba don't seem to get along. 

if anyone can explain this behavior, please feel free, otherwise this post
turned from a question
into an answer.  kind of.



		
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com

Possibly Parallel Threads

Search for more seemingly similar threads

samba - Sep 2004 - domain admin group does not have root privileges on windows 2000 or xp machines

[Samba] domain admin group does not have root privileges on windows 2000 or xp machines

Possibly Parallel Threads

Wisdom of the Ancients