-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
nik600 hotmail escreveu:> hi
> i am experiencing some problem with the configuring of samba as a PDC in a
> Windows network, ive configured samba as PDC, created users, set there
> password with smbpasswd and mapped unixgroup to nt group as follows:
>
> System Operators (S-1-5-32-549) -> -1
> Domain Users (S-1-5-21-3614578222-3141096634 -3044101766-513) -> users
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> Power Users (S-1-5-32-547) -> users
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Domain Admins (S-1-5-21-3614578222-3141096634-3044101766-512) -> users
> Domain Guests (S-1-5-21-3614578222-3141096634-3044101766-514) -> -1
> Account Operators (S-1-5-32-548) -> -1
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1
>
> on the windows client i've set in the local group "Power
Users" the domain
> group "Domain Users"
Please, don't do that. Use different groups for Domain Users,
Domain Admins and Power Users. :)
> the problem is that the user can log-in but they are extremely limited,
they
> can't set their home page, or set preferences in I.E., or preferences
> regarding files (show hidden files...)
Is it a client side problem, isn't it? Are you using GPO? Or
Local Security policies?
> the only solution i've guessed at the moment is to add "Domain
Users" samba
> group to "Administrators" local group...it works! but it let the
user to
> login as a local administrator! and i dont' want it! ;-)
>
> can you suggest me some controls to do?
>
> the server runs samba 3.0.10 on a slackware 10.1 kernel 2.6.12
Samba 3.0.10 handles the "admin user" in a different way,
anyway, you don't want all your users to be Domain Admins. :-)
On our network, if I don't use Local Policies, the user
is able to change a lot of things in his own environment in Win2k.
> thanks in advance
You are welcome. Best regards,
- --
Felipe Augusto van de Wiel <felipe@paranacidade.org.br>
Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
iD8DBQFDb1usCj65ZxU4gPQRAt/vAJ9d0PCnwcoBAK7QFcdvleK2gpjl8QCeJPPM
5dH/YLVcNP9Ylu468o76MD0=PMWu
-----END PGP SIGNATURE-----