Hi,
I read the whole chapter and found the magic words :-)
---
To obtain the domain SID on a Samba domain controller, run the following
command:
|root# | net getlocalsid
SID for domain FOO is: S-1-5-21-4294955119-3368514841-2087710299
You may assign the domain administrator RID to an account using the
|pdbedit| command as shown here:
|root# | pdbedit -U S-1-5-21-4294955119-3368514841-2087710299-500 -u root -r
---
Only the first command runs properly on my site...
The second one fails (yes, I changed it to use our domain SID :P ):
---
build_sam_pass: Failing attempt to store user with non-uid based user RID.
smbpasswd_update_sam_account: build_smb_pass failed!
Unable to modify entry!
---
google doesn't tell me much...
A "similar" problem has been posted here:
http://lists.samba.org/archive/samba/2007-April/131104.html but it seems
that Mauricio Silveira never got an answer...
@ Mauricio: if you found a solution please post! :-)
Any (more) ideas?
Cheers,
Martin
[EMAIL PROTECTED] wrote:
See on the samba howto collection the chapter 15 "User rights and
Privileges" .
You will find the answer.
-----------------------------------
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique Corman S.A. Tel : 00 32 087/342467
[EMAIL PROTECTED] a écrit sur
23/10/2007 11:36:01 :
Hi all,
Samba has been running as PDC for some months in a row w/o no issues so
far.
Users and machines were created and added to the domain correctly...
Now I'm facing the following problem... I hope it's easy to solve...
Although machines have been added to the domain using the root user, and
it's mapped to Administrator in /etc/samba/smbusers, when a situation
like connecting to a remote Windows workstation or unlocking a locked
session using that user comes, the workstation shows a message telling
that I (or the SysAdmin using the root or Administartor account) have no
privileges to do that...
This is my smb.conf:
---
[global]
netbios name = v601
server string = Volania Six Dominatrix
workgroup = VOLANIASIX.COM
; domain & local master browser
; coz we're dealing with Win2k
os level = 65
prefered master = yes
domain master = yes
local master = yes
domain logons = yes
wins support = yes
; misc options
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
SO_RCVBUF=8192
time server = yes
; do not show files starting with dots
hide dot files = yes
; do not allow guest access, use only local system accounts
security = user
guest ok = no
invalid users = bin deamon sys man postfix mail ftp
admin users = @wheel
; use encrypted passwords
encrypt passwords = yes
; logging (max log size is in kB)
log level = 2
log file = /var/log/samba/log.%L
max log size = 1000
debug timestamp = yes
syslog = 1
; user roaming profiles path
logon path = \\%N\profiles\%U
logon drive = H:
; general logon script (in DOS format)
logon script = %u.bat
# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
add user script = /usr/sbin/useradd %u
add group script = /usr/sbin/groupadd %g
add machine script = /usr/sbin/adduser -n -g users -c
V6-Windows-Machine -d /dev/null -s /bin/false %u
delete user script = /usr/sbin/userdel %u
delete user from group script = /usr/sbin/deluser %u %g
delete group script = /usr/sbin/groupdel %g
username map = /etc/samba/smbusers
; share for domain controller
[netlogon]
path = /usr/lib/samba/netlogon
public = no
writeable = no
browsable = no
valid users = root @smbusers
; share for storing user profiles
[profiles]
comment = Network Profiles Share
path = /usr/lib/samba/profiles
writeable = yes
store dos attributes = yes
create mask = 0700
directory mask = 0700
browsable = no
guest ok = no
printable = no
hide files = /desktop.ini/outlook*.lnk/*Briefcase*/
valid users = root @smbusers
[homes]
valid users = %S
read only = No
browseable = No
---
# grep wheel /etc/group
wheel:x:10:root
Any suggestions?? Maybe I've overseen something obvious when Samba was
set up as PDC...
TIA,
Martin
--
Martin Mielke - [EMAIL PROTECTED]
Sr. SysAdmin at Casino.com
p: +34 956785288 | f: +34 956794081 | m: +34 677509693
w: http://www.casino.com/
The contents of this email and any attachments are for the intended
recipient(s) only. This email may contain proprietary, confidential,
or otherwise private information belonging to Casino.com (hereafter
referred to as "The Company") or its affiliates. The Company does
not take any responsibility for, or endorse any information which
does not relate to its official business, including personal mail
and/or opinions by senders whether or not they are employed by The
Company. If you receive a message that was not intended for you,
please notify the sender immediately (or forward the email to
[EMAIL PROTECTED]). Do not read, use or disclose the contents in
any way and delete the message immediately.
The Company will take reasonable precautions but cannot ensure that
this e-mail and any attachments will be free of errors, viruses,
interception or interference. Therefore The Company can not be held
liable for any loss or damages incurred by you which have been
caused by any of the foregoing. No undertaking, guarantee or other
obligation contained in this email or any attachments will bind The
Company unless it is later confirmed in writing.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
Martin Mielke - [EMAIL PROTECTED]
Sr. SysAdmin at Casino.com
p: +34 956785288 | f: +34 956794081 | m: +34 677509693
w: http://www.casino.com/
The contents of this email and any attachments are for the intended
recipient(s) only. This email may contain proprietary, confidential, or
otherwise private information belonging to Casino.com (hereafter referred to as
“The Company”) or its affiliates. The Company does not take any responsibility
for, or endorse any information which does not relate to its official business,
including personal mail and/or opinions by senders whether or not they are
employed by The Company. If you receive a message that was not intended for
you, please notify the sender immediately (or forward the email to [EMAIL
PROTECTED]). Do not read, use or disclose the contents in any way and delete
the message immediately.
The Company will take reasonable precautions but cannot ensure that this e-mail
and any attachments will be free of errors, viruses, interception or
interference. Therefore The Company can not be held liable for any loss or
damages incurred by you which have been caused by any of the foregoing. No
undertaking, guarantee or other obligation contained in this email or any
attachments will bind The Company unless it is later confirmed in writing.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba