Hello everyone. I'm using SAMBA version 3.0.9-2.3-SUSE as a PDC and internal mail server (few users in user list) for quite some time and so far so good for what i wanted (Domain logins, shares, users files and backups). My problem is when i need to install software or hardware on a machine (client of the domain - Windows XP Pro). As the users don't have administrator priviledges on their machines, only the administrator (of the machine) can do such things. Now, what can i do to have a domain administrator (since root is a valid user in the domain but not administrator). I've browsed through documentation but i can't seem to find what's going on. Someone told me to insert "domain admin group = group I want" or "domain admin user = users I want" in my smb.conf file, but it didn't worked (looks like that was for older versions of samba). Can someone help? Thaks in advance, Jorge Ferreira
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jorge Ferreira wrote: | I'm using SAMBA version 3.0.9-2.3-SUSE as a PDC | and internal mail server (few users in user list) | for quite some time and so far so good for what i | wanted (Domain logins, shares, users files and backups). | My problem is when i need to install software or | hardware on a machine (client of the domain - Windows | XP Pro). As the users don't have administrator priviledges | on their machines, only the administrator (of the machine) | can do such things. Now, what can i do to have a domain | administrator (since root is a valid user in the domain | but not administrator). Look at the 'net groupmap' feature and create a mapping for a unix group to the <domain SID>-512. cheers, jerry ====================================================================Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCklO/IR7qMdg1EfYRAo/UAKCntr5xoyd0eLOS9uw2L2tufmIOmgCgrWT9 P0m2OGZqXBX8UT9/PTPSUxk=Sb0L -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1> I'm using SAMBA version 3.0.9-2.3-SUSE as a PDC and internal mail server (few users in user list) for quite some time and so far so good for what i wanted (Domain logins, shares, users files and backups). > My problem is when i need to install software or hardware on a machine (client of the domain - Windows XP Pro). As the users don't have administrator priviledges on their machines, only the administrator (of the machine) can do such things. Now, what can i do to have a domain administrator (since root is a valid user in the domain but not administrator). > I've browsed through documentation but i can't seem to find what's going on.This is a little confusing. Do you want to be able to have your Domain Administrator install software on each machine? If that is the case, you will need to make the Domain Administrator ( root in this case? ) a member of each local machine's Administrators group. You might be able to do this from remote using the net command. You'll also probably need all the right passwords. Jim C. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCkpLaB4AhF6wVFMERAuCCAJ47+NIeRISqkPw+ej6aJGvxsNyTzwCglpyx ZHLsYF+QOoMH3Jt/7iSN+Ts=2cOd -----END PGP SIGNATURE-----
Hello Jorge, Monday, May 23, 2005, 6:51:59 PM, you wrote: JF> Someone told me to insert "domain admin group = group I want" or JF> "domain admin user = users I want" in my smb.conf file, but it didn't JF> worked (looks like that was for older versions of samba). JF> Can someone help? Try this command: (from root shell) net groupmap modify ntgroup="Domain Admins" unixgroup=root This should enable the users in the "root" group to be considered as domain admins by workstations, thus enabling the user "root" to be an administrator of all windows workstations. If you like, you can create a group like "ntadmins" and set that group to be Domain Admins instead of "root", then you can add users to this group (I suggest to add also root to this group) so that "normal" users (that do not have the root password on your Linux server) can still manage the windows workstations. -- Fabio "Kurgan" Muzzi