Hello All,
I have configured samba+Ldap suthentication... All users windows work
station are member of the samba domain, and Domain Admins groups is
automatically getting mapping to windows work station local
administrator group... But here the member of Domain Admin group cannot
be login as
On 14-Feb-07, at 8:13 AM, Neil Jolly wrote:
quote who=[EMAIL PROTECTED]
Please read the changelog !
There are many change between 3.0.10 and 3.0.2x
In 3.0.2x samba version, privilege are enabled are must be used !
Replying to my own message here to explain, for the sake of others,
how
I am having the exact same problem as you. When you say I built fresh
rpms, do you mean that you downloaded the srpms and used the rpmbuild
command? Could you post what you did in a step by step format.
Thanks,
Gary
On Wed, 2007-02-14 at 21:48 -0700, Neil Jolly wrote:
On 14-Feb-07, at 8:13
I am having the same problem on 3.23d, had it working fine with on 3.0.10.
The users in the domain admin group can add machines to the network but
do not have admin rights on the actual PCs'
Neil Jolly wrote:
I can't seem to get the Domain Admins group members to be recognisd as
On 14-Feb-07, at 4:01 AM, Gareth Cummings wrote:
I am having the same problem on 3.23d, had it working fine with on
3.0.10.
The users in the domain admin group can add machines to the network
but do not have admin rights on the actual PCs'
Thanks for confirming this problem. Good to
32 087/342467
Neil Jolly [EMAIL PROTECTED]
Envoyé par : [EMAIL PROTECTED]
14/02/2007 15:11
A
samba@lists.samba.org
cc
Objet
Re: [Samba] Domain Admins with Samba 3.024
On 14-Feb-07, at 4:01 AM, Gareth Cummings wrote:
I am having the same problem on 3.23d, had it working fine
quote who=[EMAIL PROTECTED]
Please read the changelog !
There are many change between 3.0.10 and 3.0.2x
In 3.0.2x samba version, privilege are enabled are must be used !
Like this:
net rpc rights list accounts -U root%123urin
BUILTIN\Print Operators
No privileges assigned
BUILTIN\Account
On 14-Feb-07, at 8:13 AM, Neil Jolly wrote:
quote who=[EMAIL PROTECTED]
Please read the changelog !
There are many change between 3.0.10 and 3.0.2x
In 3.0.2x samba version, privilege are enabled are must be used !
I resolved the issue. I built fresh rpms, completely uninstalled the
old
I can't seem to get the Domain Admins group members to be recognisd as
administrators on domain member PCs.Running net groupmap list yeilds the
following:
Domain Admins (S-1-5-21-1288424760-4211430746-2168377316-512) - admin
--irrelevant groups omitted--
Running net rpc group members Domain
Golden Butler wrote:
Hi,
I'm trying to set up one of my users to be a domain admin. I have
unix/ldap group called domainadm with user1 a member of the group.
When I run net groupmap list I get the following:
Domain Admins (S-1-5-21-186220259-3826000728-3192352269-7033) - domainadm
But
Yes! That was it. Thanks a lot.
But now I'm curious. So if I wanted to map my unix users group to
Domain Users, what rid would I use, or does it matter?
snip
I think it does matter, if you check out the samba documentation you
will see that Domain Users has the well known rid of 513
Thanks Neil. I did find some very useful info over at samba.org about
this also.
-- Delamatrix
neil wrote:
Yes! That was it. Thanks a lot.
But now I'm curious. So if I wanted to map my unix users group to
Domain Users, what rid would I use, or does it matter?
snip
I think it does
Hi,
I'm trying to set up one of my users to be a domain admin. I have
unix/ldap group called domainadm with user1 a member of the group.
When I run net groupmap list I get the following:
Domain Admins (S-1-5-21-186220259-3826000728-3192352269-7033) - domainadm
But when I go to log in to
Golden Butler wrote:
Hi,
I'm trying to set up one of my users to be a domain admin. I have
unix/ldap group called domainadm with user1 a member of the
group. When I run net groupmap list I get the following:
Domain Admins (S-1-5-21-186220259-3826000728-3192352269-7033) -
domainadm
But
[mailto:[EMAIL PROTECTED]
Sent: Wed, 24 May 2006 19:22:48 -0500
Subject: Re: [Samba] Domain Admins
Golden Butler wrote:
Hi,
I'm trying to set up one of my users to be a domain admin. I have
unix/ldap group called domainadm with user1 a member of the group.
When I run net groupmap list I get
:[EMAIL PROTECTED]
To: Golden Butler [mailto:[EMAIL PROTECTED]
Cc: Samba Mailing List [mailto:[EMAIL PROTECTED]
Sent: Wed, 24 May 2006 19:22:48 -0500
Subject: Re: [Samba] Domain Admins
Golden Butler wrote:
Hi,
I'm trying to set up one of my users to be a domain admin. I have
unix/ldap group
]
To: Kirk B. Dice [EMAIL PROTECTED]
Sent: Tuesday, April 25, 2006 5:30 PM
Subject: Re: [Samba] Domain admins and samba
Kirk,
I tried that and it did not work, I got the same message.
Thanks,
-Ivan
At 03:11 PM 4/25/2006, you wrote:
Put the -U'username%pass' parm on the net rpc rights list
I could not use the command net rpc rights list as well. I will get a
Could not connect to server 127.0.0.1 message. I can't use rpc command
at all.
Can someone please point me to the right direction.
Thanks,
-Ivan
At 02:13 PM 4/24/2006, Asier Baranguan wrote:
El Lunes, 24 de Abril de
: [Samba] Domain admins and samba
I could not use the command net rpc rights list as well. I will get a
Could not connect to server 127.0.0.1 message. I can't use rpc command
at all.
Can someone please point me to the right direction.
Thanks,
-Ivan
At 02:13 PM 4/24/2006, Asier Baranguan wrote
I added the line (enable privileges = yes) on my smb.conf, stop and start
samba service but still no luck.
I still can't add a computer to the domain using regular account that are
part of sysadmin group.
Anything else I should do?
Thanks,
-Ivan
At 07:30 AM 4/22/2006, Josh Kelley wrote:
El Lunes, 24 de Abril de 2006 20:28, Ivan Ordonez escribió:
I added the line (enable privileges = yes) on my smb.conf, stop and start
samba service but still no luck.
I still can't add a computer to the domain using regular account that are
part of sysadmin group.
I think he refers to this
On 4/21/06, Ivan Ordonez [EMAIL PROTECTED] wrote:
How can I give a user account the ability to join or add computer to the
domain?
Are privileges enabled? (enable privileges = yes in smb.conf)
If not, then I believe that only root can join computers to the domain.
If privileges are enabled,
How can I give a user account the ability to join or add computer to the
domain?
Below are the steps I did but none work:
1. Edit smb.conf file and add the following line.
# domain administrators
domain admin group = root user1 user2 @sysadmin
domain admin users = @sysadmin
I
hi,
well if i do enable privileges = no and admin users = @myadmins this
works intentionally. but jerry is right: there should be no use of uid=0
anymore.
greez
Günter Gersdorf wrote:
Domain Admins are not allowed to modify the ldapsam database via usrmgr.
lib/smbldap.c: smbldap_open:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Eric A. Hall wrote:
| On 10/18/2005 9:26 AM, Gerald (Jerry) Carter wrote:
| -BEGIN PGP SIGNED MESSAGE-
| Hash: SHA1
|
| Günter Gersdorf wrote:
|
| | Domain Admins are not allowed to modify the ldapsam
| | database via usrmgr.
| |
Domain Admins are not allowed to modify the ldapsam database via usrmgr.
lib/smbldap.c: smbldap_open: cannot access LDAP when not root..
Is this by design?
Günter Gersdorf
--
Guenter Gersdorf Phone: +49/(0)531/391-7634
Inst. f. Werkzeugmaschinen Fax:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Günter Gersdorf wrote:
| Domain Admins are not allowed to modify the ldapsam
| database via usrmgr.
| lib/smbldap.c: smbldap_open: cannot access LDAP when not root..
|
| Is this by design?
Yes. It is by design. You have to assign the
On 10/18/2005 9:26 AM, Gerald (Jerry) Carter wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Günter Gersdorf wrote:
| Domain Admins are not allowed to modify the ldapsam
| database via usrmgr.
| lib/smbldap.c: smbldap_open: cannot access LDAP when not root..
|
| Is this by
On Wed, 2005-10-19 at 00:05 -0400, Eric A. Hall wrote:
On 10/18/2005 9:26 AM, Gerald (Jerry) Carter wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Günter Gersdorf wrote:
| Domain Admins are not allowed to modify the ldapsam
| database via usrmgr.
| lib/smbldap.c:
On Tuesday 18 October 2005 22:05, Eric A. Hall wrote:
On 10/18/2005 9:26 AM, Gerald (Jerry) Carter wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Günter Gersdorf wrote:
| Domain Admins are not allowed to modify the ldapsam
| database via usrmgr.
| lib/smbldap.c:
OK, I have RTFM. All the I could find.
I cannot seem to set permissions via WINXP Pro explorer. No matter what I do
all I get is access denied - even if I own the file.
Samba log reveals:
[2005/04/20 10:56:08, 2] smbd/open.c:open_file(326)
larry opened file xghost.bin read=Yes write=No
I have a samba 3.0.7 pdc (suse 9.2 pro) and want to automatically add
the ntadmins group to the local administrators group on each domain
member workstation. The mydomain/Domain Admins group seems to be added
automatically to the Administrators group on the local workstation but
I can't find
I have a samba 3.0.7 pdc (suse 9.2 pro) and want to automatically add
the ntadmins group to the local administrators group on each domain
member workstation. The mydomain/Domain Admins group seems to be added
automatically to the Administrators group on the local workstation but I
can't find a
OK here's the deal, thanks especially to John for your time today and
remedial attention :)
My issue, to repeat myself, was that I was logging in as a domain
administrator on a Windows box, and while I was domain administrator
just fine, I was not having local administrator rights on that box.
Hi there,
I switched servers yesterday.
The old server was running 2.2.7a-1 on RedHat 8.0.
The new server is 3.0.8-0.pre1.3 on Fedora Core 3.
I did the migration by copying the following:
/etc/passwd
/etc/group
/etc/shadow
/etc/samba/*
I then copied /home and fixed all the permissions on stuff.
I
This did not work this way for Samba 2.2.x -- it was not good enough to
use admin users = to my knowledge. Has this changed, or was I mistaken
to begin with?
_ _ _ _ ___ _ _ _
|Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III
|$| |__| | | |__/ | \| _| | [EMAIL
Ryan Novosielski írta:
This did not work this way for Samba 2.2.x -- it was not good enough
to use admin users = to my knowledge. Has this changed, or was I
mistaken to begin with?
_ _ _ _ ___ _ _ _
|Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III
|$| |__| | |
Hi everyone,
I am trying to create a couple users (not root) who would be in Domain
Admins group, and would have the permissions to add machine to domain.
I can confirm that locally (I used sudo without password) as any of
the users of ntadm group, and each and everyone of them can add a user
to
Bostjan Müller írta:
Hi everyone,
I am trying to create a couple users (not root) who would be in Domain
Admins group, and would have the permissions to add machine to domain.
I can confirm that locally (I used sudo without password) as any of
the users of ntadm group, and each and everyone of
On Mon, 27 Dec 2004 15:17:18 +0100, Gémes Géza [EMAIL PROTECTED] wrote:
Bostjan Müller írta:
Hi everyone,
I am trying to create a couple users (not root) who would be in Domain
Admins group, and would have the permissions to add machine to domain.
I can confirm that locally (I used sudo
Bostjan Müller írta:
On Mon, 27 Dec 2004 15:17:18 +0100, Gémes Géza [EMAIL PROTECTED] wrote:
Bostjan Müller írta:
Hi everyone,
I am trying to create a couple users (not root) who would be in Domain
Admins group, and would have the permissions to add machine to domain.
I can confirm that
Hi,
I have recently upgaded from samba 2.2 to samba 3.0.
I used to have domain admin group = @winadmin in my smb.conf,
but I understand from the documentation that it is deprecated
in favour of
net groupmap set Domain Admin winadmin.
I would expect unix users who are members of the
unix group
If you look at your group mapping list, you have duplicates for Domain
Users and Domain Admins. Delete these mappings with the net groupmap
command (you may have to delete each twice) and then re-add them. The
SIDs should be the -5xx ones, not -1219 or -3005
Conrad Wood wrote:
Hi,
I have
D'uh!
Thanks for pointing that out ;)
It works well now.
The bit that got me confused was section 11.2 in the
samba manual. The sample commands there, if typed in as they are,
actually create another Domain Admins group ;(
Maybe that could be explained a bit better, such as
Hi
I've been running Samba 2.x for years but decided to move up to 3.0.2. I've set
up a new samba server with a workgroup NEWBIOSS and netbios name PARETO.
Im having problems setting up my domain admins.
I used
'net groupmap modify Domain Admins unixgroup=domadmin'
my 'net groupmap list' shows
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Janet Dickson írta:
| Hi
|
| I've been running Samba 2.x for years but decided to move up to 3.0.2.
| I've set up a new samba server with a workgroup NEWBIOSS and netbios
| name PARETO.
| Im having problems setting up my domain admins.
| I used
| 'net
Gémes Géza wrote:
Hi,
You haven't mapped your Domain Users, and Domain Guests group, which
could confuse your Windows clients
That has made no difference.
I've restarted samba, rejoined the PC to the domain, still says I'm not a
memeber of the Admin group.
By the way, when I run 'smbstatus -b'
Ok- very odd behavior here. Our Samba 3.0.0 server was happy as a clam,
domain admins were recognized by client systems.
We rebooted the server recently- the only real change we've made to it-
and now, domain admins aren't recognized. However, I was able to use a
user who is supposed to be a
Ok- very odd behavior here. Our Samba 3.0.0 server was happy as a clam,
domain admins were recognized by client systems.
We rebooted the server recently- the only real change we've made to it-
and now, domain admins aren't recognized. However, I was able to use a
user who is supposed to be
Hello all,
Let me say first I'm very new to Linux (only had it running 3 days), so
bear with me if I'm a bit ignorant. I'm unsure if I should even post
this here, or if this list is exclusively for hardware issues...
I'm running into difficulties (on a win2k client) adding the Samba
Domain
: Wyatt L. VanderStucken [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 27, 2002 7:19 PM
Subject: [Samba] Domain Admins?
Hello all,
Let me say first I'm very new to Linux (only had it running 3 days), so
bear with me if I'm a bit ignorant. I'm unsure if I should even post
Hello All!
Im trying to troubleshoot a domain admin problem and
Im stuck at a log error msg. The log says the following:
get_domain_user_groups: primary gid
of user [root] is not a Domain group !
get_domain_user_groups: You should fix it, NT doesn't like
that
My goal is so
: [Samba] Domain Admins
Hello All!
Im trying to troubleshoot a
domain admin problem and Im stuck at a log error msg. The log says the following:
get_domain_user_groups: primary gid of
user [root] is not a Domain group !
get_domain_user_groups: You should fix
it, NT doesn't like that
My
Bradley W. Lanhorst wrote,
how are you assessing whether this is working or not?
i consider the mapping to work if i can specify
one of my domain groups as a part of a local group and
the rsop tool says that a member of that group has the appropriate
permissions..
Bradley W. Langhorst wrote,
I can't explain that - maybe somebody else who knows can chime in...
I don't think it makes sense for a Domain Admin to automatically have
Local adminstrative rights...
brad
This is what I read from:
Mastering Windows NT Server 4 6th Edition page 375
By
Hello All!!
We just recently upgraded our SAMBA server from 2.2.3a to
2.999+3.0cvs20. Minor problems have aroused. One of which is Domain
Admins. For some reason I (Domain Admin) don't have administrative
privileges on any PC on the network. What have I screwed up?
I've posted my smb.conf
If you reply to unrelated threads your message gets
sorted with those in many mail clients...
that means that some people won't see your message unless they're
following that thread (in this case the Firewall Effects on Samba thread
On Mon, 2002-10-07 at 10:04, Irving Carrion wrote:
Hello
Carrion
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Domain Admins
On Mon, 2002-10-07 at 10:04, Irving Carrion wrote:
Hello All!!
We just recently upgraded our SAMBA server from 2.2.3a to
2.999+3.0cvs20. Minor problems have aroused. One of which is Domain
Admins. For some reason I (Domain Admin
I've read man smbgroupedit many times, over and over and OVER, and have
done step by step per the man page with no luck. I thought maybe it
would be easier for one to help if they saw what I was doing. So I
posted a partial listing of group,passwd,smb.conf below.
Plz, plz, really need some help
suggestions?
-Original Message-
From: Bradley W. Langhorst [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 07, 2002 5:53 PM
To: Irving Carrion
Cc: [EMAIL PROTECTED]
Subject: RE: [Samba] Domain Admins
On Mon, 2002-10-07 at 17:38, Irving Carrion wrote:
I've read man smbgroupedit many
On Mon, 2002-10-07 at 17:59, Irving Carrion wrote:
Here is the output of smbgroupedit -td
NT group (SID) - Unix group
Domain Guests (S-1-5-21-2879687004-3117605197-2714178016-514) - -1
domainadmins (S-1-5-21-2879687004-3117605197-2714178016-3003) -
domainadmins
I just rem'd out (admin
Hello -
1) Can I set up a group whose members are automatically able to install
software on all workstations in the samba domain?
2) Does domain admins group confer to its members file access to all samba
shares?
Thanks
--
To unsubscribe from this list go to the following URL and read
On Thu, May 30, 2002 at 02:40:14AM -0400, lists wrote:
Hello -
1) Can I set up a group whose members are automatically able to install
software on all workstations in the samba domain?
Yes
(see 'domain admin group')
2) Does domain admins group confer to its members file access to all
63 matches
Mail list logo