-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 nik600 hotmail escreveu: > hi > i am experiencing some problem with the configuring of samba as a PDC in a > Windows network, ive configured samba as PDC, created users, set there > password with smbpasswd and mapped unixgroup to nt group as follows: > > System Operators (S-1-5-32-549) -> -1 > Domain Users (S-1-5-21-3614578222-3141096634 -3044101766-513) -> users > Replicators (S-1-5-32-552) -> -1 > Guests (S-1-5-32-546) -> -1 > Power Users (S-1-5-32-547) -> users > Print Operators (S-1-5-32-550) -> -1 > Administrators (S-1-5-32-544) -> -1 > Domain Admins (S-1-5-21-3614578222-3141096634-3044101766-512) -> users > Domain Guests (S-1-5-21-3614578222-3141096634-3044101766-514) -> -1 > Account Operators (S-1-5-32-548) -> -1 > Backup Operators (S-1-5-32-551) -> -1 > Users (S-1-5-32-545) -> -1 > > on the windows client i've set in the local group "Power Users" the domain > group "Domain Users"
Please, don't do that. Use different groups for Domain Users, Domain Admins and Power Users. :) > the problem is that the user can log-in but they are extremely limited, they > can't set their home page, or set preferences in I.E., or preferences > regarding files (show hidden files...) Is it a client side problem, isn't it? Are you using GPO? Or Local Security policies? > the only solution i've guessed at the moment is to add "Domain Users" samba > group to "Administrators" local group...it works! but it let the user to > login as a local administrator! and i dont' want it! ;-) > > can you suggest me some controls to do? > > the server runs samba 3.0.10 on a slackware 10.1 kernel 2.6.12 Samba 3.0.10 handles the "admin user" in a different way, anyway, you don't want all your users to be Domain Admins. :-) On our network, if I don't use Local Policies, the user is able to change a lot of things in his own environment in Win2k. > thanks in advance You are welcome. Best regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFDb1usCj65ZxU4gPQRAt/vAJ9d0PCnwcoBAK7QFcdvleK2gpjl8QCeJPPM 5dH/YLVcNP9Ylu468o76MD0= =PMWu -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba