Daniel Spannbauer schrieb:> Hello,
>
> I've build a domain with Samba 3.0.23 and sucessfully joined this
domain
> with a Windows-XP-Machine. I can log in to that machine as User
"Root",
> wich is in the Group "Domain Admins" (rid=512). But I have no
> admin-rights on that machine.
> Also, normal User can not log in over the Remotesession (RDP).
>
> Can anybody help me to figure out why?
>
> Here is my smb.conf:
>
>
>
> [global]
> server string = b-login
> workgroup = marco
> ; speed optimierungen
> socket options = TCP_NODELAY
> share modes = no
> debug level = 10
> debug uid = yes
> getwd cache = yes
> ; read size = 65536
> preserve case = yes
> log level = 10
>
> printer admin = ds
> domain logons = yes
> domain master = yes
> local master = Yes
> preferred master = Yes
> ldap admin dn = cn=Administrator,dc=marco,dc=de
> ldap delete dn = No
> ldap group suffix = ou=group
> ldap ssl = off
> ldap suffix = dc=marco,dc=de
> ldap user suffix = ou=people
> ldap machine suffix = ou=Computers
> ldap idmap suffix = ou=idmap
> ; ldap passwd sync = yes
> logon path = \\%L\%U\.ntprofile
> logon home = \\%L\%U\.ntprofile
> logon drive = H:
> passdb backend = ldapsam:"ldap://10.3.1.3"
> security = user
> add machine script = /usr/sbin/useradd -c Machine -d
> /var/lib/nobody -s /bin/false %m$
> printing = cups
> printcap name = cups
> printcap cache time = 750
> cups options > smb ports = 139
> local master = no
> kernel oplocks = No
>
> ; ----- same as "umask 2"
> create mask = 0775
> ; ----- disconnect after N minutes inactive
> dead time = 300
> ; ----- check whether clients are alive [seconds]
> keep alive = 300
> ; ----- may delete readonly files
> delete readonly = yes
> ; ----- logfiles grow up to N kByte
> ; max log size = 100
> ; ----- don't map archive bit to execute bit
> map archive = no
> ; ----- "umask 2" setting for files and directories
> create mask = 0775
> directory mask = 0775
> ; ----- WINS support
> ; note: on SuSE 8samba is patched so that
> ; if (wins server == localhost)
> ; wins support = yes
> ; preferred master = yes
> ; os level >= 32
> ;
>
> wins server = gate
>
> name resolve order = wins host bcast
>
> security = user
>
> netbios aliases = homedirs
Hmmm, when I log in on the Workstation as Administrator (which is mapped
to User root) then I get a Groupsid which ends to 513, so I get as
Administrator the Rights of the normals Domain USer. But in LDAP the
PrimaryGroupSid for root is set to 512 (DomainAdmins).
In the Group-Entry for the Group of the DomainAdmins root is also in
MemberUID.
Can anybody tell me why the PrimaryGropSid isn't used by samba?
Regards
Daniel
>
>
> Regards
>
> Daniel
>
--
Daniel Spannbauer Software Entwicklung
marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-27 Fax -11
Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 4033220
http://www.marco.de/ Email ds at marco.de
Gesch?ftsf?hrer Martin Reuter HRB 171775 Amtsgericht M?nchen