Back in January we upgraded/moved our domain from an old install of samba and openldap to a newer version (samba 3.5.10 and openldap 2.4.23) while also moving our domain to a new name. On the old domain, which was setup before I got here, our IT section was in an ldap group that allowed us to join PC's to the domain and when the prompt came up in windows to install software we could log in as ourselves. However that is not the case on the new domain and I cannot figure out how to set that back up. I have looked at the docs on samba rights (http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html) but it seems I am missing something since when I type: net rpc rights grant 'MDAH\Domain Admins' SeMachineAccountPrivilege -S enterprise -U superusername it returns: Failed to grant privileges for MDAH\Domain Admins (NT_STATUS_NO_SUCH_USER) superusername is our "superuser" account that we have to currently type in to join machines to join the domain. However when installing software we have to log in as local administrator or do a MACHINENAME\Administrator and it's password to install software. Any pointers? -- Donny B.
Hello Donny, Am 12.07.2013 21:34, schrieb Donny Brooks:> On the old domain, which was setup before I got here,> our IT section was in an ldap group that allowed us to > join PC's to the domain ... http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO/AD_Delegation#Delegating_.27Joining_Computers_to_the_domain.27-permissions > ... and when the prompt came up in windows to > install software we could log in as ourselves. What do you mean by this? Do you want to have a group of users automatically in the "administrator" group on your workstations? http://community.spiceworks.com/how_to/show/2123-add-an-active-directory-group-to-the-local-administrator-group-of-workstation-s If you mean something else, please give some more details. Regards, Marc