Steve A
2006-Jul-02 02:39 UTC
[Samba] Administrator doesn't have admin rights on workstation
Hello, I'm running FreeBSD-6.1, and Samba 3.0.22 with a Windows XP (SP2) client. As per subject line, administrator doesn't have administrator rights on the workstation. --- 'net groupmap list' gives, Domain Admins (S-1-5-21-3323006203-4037909810-1162086780-3003) -> ntadmins --- 'pdbedit -Lv' includes, Unix username: administrator NT username: Account Flags: [U ] User SID: S-1-5-21-3323006203-4037909810-1162086780-3006 Primary Group SID: S-1-5-21-3323006203-4037909810-1162086780-3003 --- '/etc/passwd' includes, administrator:*:1003:1001:Windows Domain Administrator:/home/administrator:/usr/sbin/nologin --- '/etc/group' includes, ntadmins:*:1001:>From the above, I see that the Primary Group SID for the smb Administratoraccount is the same as the one listed for Domain Admins using pdbedit. The 'administrator' password is the same for both smb and system accounts, and I can log in to the workstation successfully. I even tried mapping Domain Admins to wheel, setting an smb password for root, and logging on to the client as "root" instead of administrator. I can write over the network to root's home, but I am sitll not an administrator of the Domain so I can't install software on the client. Which step have I missed or what have I done wrong? Many thanks, Steve :)
Felipe Alfaro Solana
2006-Jul-02 03:14 UTC
[Samba] Administrator doesn't have admin rights on workstation
> Hello, I'm running FreeBSD-6.1, and Samba 3.0.22 with a Windows XP (SP2) > client. > > As per subject line, administrator doesn't have administrator rights on the > workstation. > > --- 'net groupmap list' gives, > > Domain Admins (S-1-5-21-3323006203-4037909810-1162086780-3003) -> ntadminsAFAIK, the Domain Admins group has a fixed RID of 512. Thus, your SID should look like S-1-5-21-3323006203-4037909810-1162086780-512 instead. The same happens with the Domain Users (RID 513), Domain Computers (RID 515) and Domain Guests (RID 514).
Brian May
2006-Jul-03 01:02 UTC
[Samba] Administrator doesn't have admin rights on workstation
>>>>> "Steve" == Steve A <gmane@rowyerboat.com> writes:Steve> Hello, I'm running FreeBSD-6.1, and Samba 3.0.22 with a Steve> Windows XP (SP2) client. Steve> As per subject line, administrator doesn't have Steve> administrator rights on the workstation. Hmmm. I noticed the similar thing on my system. I also noticed, as discussed here, that the RID for my Domain Admins group was wrong. However I still have issues, even after fixing the RID as discussed in this thread. Just to clarify: Does belonging to the "Domains Admins" group mean you should automatically get full administrator rights when logged onto any computer? Also, what is the difference between the terms "RID" and "SID"? sam:~# net groupmap list ... Domain Admins (S-1-5-21-1268321594-3481289969-4150125466-512) -> Domain Admins sam:~# pdbedit -Lv administrator ... Unix username: administrator NT username: administrator Account Flags: [UX ] User SID: S-1-5-21-1268321594-3481289969-4150125466-21104 Primary Group SID: S-1-5-21-1268321594-3481289969-4150125466-512 Full Name: Domain Administrator Home Directory: \\sam\administrator HomeDir Drive: U: Logon Script: logon.cmd Profile Path: Domain: VPAC Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Tue, 19 Jan 2038 14:14:07 EST Kickoff time: Tue, 19 Jan 2038 14:14:07 EST Password last set: Mon, 03 Jul 2006 10:33:32 EST Password can change: 0 Password must change: Tue, 19 Jan 2038 14:14:07 EST Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- Brian May <bam@snoopy.apana.org.au>