nik600 hotmail
2005-Sep-24 07:31 UTC
[Samba] Users privilege in a NT-DOMAIN with samba as PDC
Hi,

I am experiencing some problems with configuring Samba as a PDC in an NT network. I've configured Samba as PDC, created users, set their password with smbpasswd and mapped Unix groups to NT groups as follows:

System Operators (S-1-5-32-549) -> -1
Domain Users (S-1-5-21-3614578222-3141096634-3044101766-513) -> root
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> users
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Admins (S-1-5-21-3614578222-3141096634-3044101766-512) -> users
Domain Guests (S-1-5-21-3614578222-3141096634-3044101766-514) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

On the Windows client I've added the domain group "Domain Users" to the local group "Power Users".

The problem is that the users can log in but they are extremely limited: they can't set their home page, or set preferences in I.E., or preferences regarding files (show hidden files...).

The only solution I've guessed at the moment is to add the "Domain Users" Samba group to the "Administrators" local group... it works! But it lets the users log in as a local administrator, and I don't want it! ;-)

Can you suggest some checks to do?

The server runs Samba 3.0.10 on Slackware 10.1, kernel 2.6.12.

Thanks in advance,
nik
Hi,

I have a question concerning Winbind. When I use winbind as a PAM module to authenticate Unix users against an AD Domain Controller, can this PAM module also be used to change users' passwords in AD? In other words, can the users change their AD passwords through the winbind PAM module?

I'm looking for a way to synchronize users and groups between a Windows Active Directory domain controller and Linux domain member servers with Samba 3. The other way around is to synchronize OpenLDAP and AD through a custom script and use pam_ldap to authenticate Linux users against OpenLDAP, but I'm not quite sure if OpenLDAP supports NTLM hashes.

Thanks,
Ivan