Re: [Samba] roaming profiles and Documents and setting with non-standard Windows 2k3 administrator RID.....
Thanks John, I will give that a try today. Dan On Wed, 2010-01-27 at 21:27 -0600, John H Terpstra wrote: On 01/27/2010 08:29 PM, Daniel R. Gore wrote: Because of the extremely restrictive security environment we work under, our Windows Admins have disabled the administrator account on our Domain and created a new account with administrator rights. The result is that the common RID of 500 which maps to the Linux UID and GID of 500 is no longer valid. This means that when the Windows Domain controller, via the Domain Administrator (which has another name and RID) tries to make an account on the samba share where the profiles are intended for, it fails because Samba expects this to come from the well known RID of 500. Is there any way to specify in Samba what RID number to expect and use for Domain Administration management? Thanks. Dan Dan, You can assign suitable rights and privileges using the net utility as follows: net rpc grant rights DOMAIN\Group Name SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege -Uadministrator%password When correctly processed for domain group Whatchamacallit you will get something that looks like this: net rpc rights list accounts -Uwinadmin%n3v3rgessit BUILTIN\Print Operators No privileges assigned BUILTIN\Account Operators No privileges assigned BUILTIN\Backup Operators No privileges assigned BUILTIN\Server Operators No privileges assigned BUILTIN\Administrators SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege Everyone No privileges assigned URDOMAIN\Whatchamacallit SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege Yell if you need more help. Cheers, John T. _ This email has been ClamScanned ! www.clamav.net _ This email has been ClamScanned ! www.clamav.net -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] roaming profiles and Documents and setting with non-standard Windows 2k3 administrator RID.....
Because of the extremely restrictive security environment we work under, our Windows Admins have disabled the administrator account on our Domain and created a new account with administrator rights. The result is that the common RID of 500 which maps to the Linux UID and GID of 500 is no longer valid. This means that when the Windows Domain controller, via the Domain Administrator (which has another name and RID) tries to make an account on the samba share where the profiles are intended for, it fails because Samba expects this to come from the well known RID of 500. Is there any way to specify in Samba what RID number to expect and use for Domain Administration management? Thanks. Dan _ This email has been ClamScanned ! www.clamav.net -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] roaming profiles and Documents and setting with non-standard Windows 2k3 administrator RID.....
On 01/27/2010 08:29 PM, Daniel R. Gore wrote: Because of the extremely restrictive security environment we work under, our Windows Admins have disabled the administrator account on our Domain and created a new account with administrator rights. The result is that the common RID of 500 which maps to the Linux UID and GID of 500 is no longer valid. This means that when the Windows Domain controller, via the Domain Administrator (which has another name and RID) tries to make an account on the samba share where the profiles are intended for, it fails because Samba expects this to come from the well known RID of 500. Is there any way to specify in Samba what RID number to expect and use for Domain Administration management? Thanks. Dan Dan, You can assign suitable rights and privileges using the net utility as follows: net rpc grant rights DOMAIN\Group Name SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege -Uadministrator%password When correctly processed for domain group Whatchamacallit you will get something that looks like this: net rpc rights list accounts -Uwinadmin%n3v3rgessit BUILTIN\Print Operators No privileges assigned BUILTIN\Account Operators No privileges assigned BUILTIN\Backup Operators No privileges assigned BUILTIN\Server Operators No privileges assigned BUILTIN\Administrators SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege Everyone No privileges assigned URDOMAIN\Whatchamacallit SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege Yell if you need more help. Cheers, John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba