samba - Feb 2006 - unknown interface | win 2k server

Hi,


I implemented a samba(3.0.14a-Debian) server here on
my network. But i'm having problems with 2 stations.
One is a win2k(profissional) and the other is a win 2k
server (working like a station).

When i tried join in a domain using the
win2k(profissional) i receive the msg:

unknown interface

The strange is that it is happening only with this
win2k station. I have others stations with the same OS
and is working fine.

What i do to fix this error?


The second problem is with a win2k server that is
working like a station.

The machine joins with no problems in the domain. But
the all users of the domain don`t have permission to
shutdown, restart and any other operation that a
"administrator" have.

Look this text that i found on samba.org(how to):

"When a Windows NT4 (or later) client joins a domain,
the domain global Domain Admins group is added to the
membership of the local Administrators group on the
client. Any user who is a member of the domain global
Domain Admins group will have administrative rights on
the Windows client." (chapter 14. What Rights and
Privileges Will Permit Windows Client Administration?)

What i need to do for the users of samba(smbpasswd)
have permission of a local administrator?


I tried find the answer on samba channel of server
freenode but i not have successeful.

How i fix this 2 problems?


ps.: My configuration of samba can be found on:
www.smartlinks.com.br/smb.conf


thanks for all


Augusto Morais

On 2/21/2006 Augusto Flavio (aflavio@gmail.com) wrote:
> The machine joins with no problems in the domain. But
> the all users of the domain don`t have permission to
> shutdown, restart and any other operation that a
> "administrator" have.
You're thinking in Unix/Linux terms. A normal user on a windows 
workstation DOES have the ability to shutdown/restart the windows system.
> Look this text that i found on samba.org(how to):
> 
> "When a Windows NT4 (or later) client joins a domain,
> the domain global Domain Admins group is added to the
> membership of the local Administrators group on the
> client. Any user who is a member of the domain global
> Domain Admins group will have administrative rights on
> the Windows client." (chapter 14. What Rights and
> Privileges Will Permit Windows Client Administration?)
> 
> What i need to do for the users of samba(smbpasswd)
> have permission of a local administrator?
This is really a bad idea, and it may not fix your problem anyway.

It is not necessary for a user to have Local Administrative privleges to 
shutdown or restart a workstation, so your problem is elsewhere.

What I do is add each User to their workstation as a Domain User, and 
make them a member of the Power Users Group. Alternatively (less 
administration), you could add the 'Domain Users' group to the
'Power
Users' group on each Local computer - that way each Domain User is 
automatically given Power User rights on the local computer, instead of 
normal Users rights (which is the default). The difference is, if you do 
it by Group, then any User can log in and have Power User privs at any 
workstation. Doing it on a per user basis, if any other user logs in at 
that workstation, they only have normal user privleges.

Unless, of course, you really want to lock them down, in which case 
don't do anything - the 'Domain Users' group is automatically a
member
of the local computers 'Users' group when the computer is joined to the 
domain (but you will most likely get complaints, and some software won't 
run properly without Power User privs).

-- 

Best regards,

Charles