Götz Reinicke - IT Koordinator
2013-Sep-02 12:43 UTC
[Samba] How to allow users to be local admin
Hi, it's some time that I had to touch our samba installation and may be somewon can point me to the right direction. We run a samba-3.6.9 PDC with ldap backend and windows 7 clients. Everything for normal users is working fine (domain logon, roaming profiles). But now we'd like to enable our systemadministartors to login to any workstation with there domain user and install software or do other administrative things. I'v read a bit about domian accounts and mappings. But I'm not sure where to add or change what. The admins affected are also in a special posix group. There are also "Domain Admins" and "Administrators" posix groups and net groupmap entries. Would be great if some one can help me. Thanks and regards . G?tz -- G?tz Reinicke IT-Koordinator Tel. +49 7141 969 82 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke at filmakademie.de Filmakademie Baden-W?rttemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: J?rgen Walter MdL Staatssekret?r im Ministerium f?r Wissenschaft, Forschung und Kunst Baden-W?rttemberg Gesch?ftsf?hrer: Prof. Thomas Schadt
Hello G?tz, Am 02.09.2013 14:43, schrieb G?tz Reinicke - IT Koordinator:> it's some time that I had to touch our samba installation and may be > somewon can point me to the right direction. > > We run a samba-3.6.9 PDC with ldap backend and windows 7 clients. > Everything for normal users is working fine (domain logon, roaming > profiles). > > But now we'd like to enable our systemadministartors to login to any > workstation with there domain user and install software or do other > administrative things. > > I'v read a bit about domian accounts and mappings. But I'm not sure > where to add or change what. > > The admins affected are also in a special posix group. > > There are also "Domain Admins" and "Administrators" posix groups and net > groupmap entries. > > Would be great if some one can help me.I'm not sure if this is possible with an NT4-style domain. With (Samba) AD it is, if you plan to migrate. Then you can use "restricted groups" for that (http://community.spiceworks.com/how_to/show/907-gpo-to-push-out-local-administrators-across-a-domain). I don't know how many clients you have. If it's a manageable size, you can create a group in your domain, go to each workstation and add this domain group to the local administrators group once. Then everyone who is member of that domain group is automatically local admin on each of that machines (this is what you do with the "restricted group" in AD in 2 mins, without leaving your desk). You only have to add this domain group on every PC you reinstall. But if it's a possibility, migrate to Samba AD. AD brings you many great features, expecially GPO, multi master replication, etc. Regards, Marc
Apparently Analagous Threads
- Mysql 5.6, Centos 7 and errno: 24 - Too many open files
- Mysql 5.6, Centos 7 and errno: 24 - Too many open files
- Mysql 5.6, Centos 7 and errno: 24 - Too many open files
- Mysql 5.6, Centos 7 and errno: 24 - Too many open files
- Mysql 5.6, Centos 7 and errno: 24 - Too many open files