Expounding on the problem further, it appears that no users logging into
the domain are gaining access to any group memberships they have. In
particular, no users seem to have privileges in the Domain Admins group
and the Accounting group provided by the domain controller. User logons
appear to be operating normally and basic print and file services are
operating, but users are lacking any permissions granted by these
additional groups. Is there a command to query a list of groups that the
current user/session is a part of? If I run net group /domain
"Accounting", I see all the correct users listed in that group, but
the
user doesn't seem to actually have those permissions. Further details
are below:
On 3/23/2012 3:15 PM, Loren M. Lang wrote:> Recently, something broke in Samba, my user, lorenl, is no longer an
> Administrator on any local workstations. I am the only administrator
> for this network, and there's nothing I've done related to any
Samba
> configuration changes recently. On all workstations, I've checks that
> DOMAIN\Domain Admins is listed in the Administrators group. I ran this
> command from the Command Prompt and see lorenl listed:
>
> net group /domain "Domain Admins"
>
> But somehow when I log onto any workstation, I do not gain admin
> privileges. Is there some way to ask Windows which groups my logon
> session includes?
>
> On the server, I have both a Primary Domain Controller running Samba
> 3.2.3-1ubuntu3.8 and a Backup Domain Controller running Samba
> 3.0.28a-1ubuntu4.17. Both have an LDAP server behind them running on
> the same hardware. The BDC has an LDAP server which uses LDAP Sync
> replication from the PDC's LDAP server. I have Domain Admins set up as
> a Samba Group mapping to the UNIX group admins of which lorenl is also
> a part of. There have been no significant changes to this set-up that
> I am aware of since 2009 so I have no idea what broke recently.
>
--
Loren M. Lang
lorenl at alzatex.com
http://www.alzatex.com/
Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
Fingerprint: 10A0 7AE2 DAF5 4780 888A 3FA4 DCEE BB39 7654 DE5B