LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Enterprise Linux Forums > Linux - Enterprise
User Name
Password
Linux - Enterprise This forum is for all items relating to using Linux in the Enterprise.

Notices

Reply
 
Search this Thread
Old 04-13-2006, 11:00 AM   #1
treedstang
Member
 
Registered: Jul 2003
Distribution: Suse 9.X Redhat 9.0, Enterprise 3 and 4 Fedora Mandrake
Posts: 79

Rep: Reputation: 15
Workstation Permisions On Samba Domain


I wanted to if a anyone had a similar problem with a samba domain workstation after it's joined to the domain.

When I login to WinXP Pro spk2 workstation as the domain root/administrator user I don't automatically have admin rights over the workstation even though the Domain Admins group is added to the local admins groups when the workstation was joined the domain. I have to login to the workstation with the local admin account and manually add the root/administrator account from the domain to the local admin group on the workstation to get it working.

I 'm running this on RHAT ES4 with Samba 3.x


Thanks

Tim
 
Old 04-13-2006, 12:32 PM   #2
Dudydoo
Member
 
Registered: Sep 2003
Location: UK
Distribution: I use 'em all ;-)
Posts: 275

Rep: Reputation: 38
You need to map a linux group to the samba "Domain Admins" group.

Code:
# groupadd ntadmins

# net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmins
Then add anyone you wish to have domain admin rights to the group.

Take a look at the official HOWTO for more info.

http://us5.samba.org/samba/docs/man/...upmapping.html

I had this problem when I switched to samba ;-)
 
Old 04-13-2006, 04:29 PM   #3
treedstang
Member
 
Registered: Jul 2003
Distribution: Suse 9.X Redhat 9.0, Enterprise 3 and 4 Fedora Mandrake
Posts: 79

Original Poster
Rep: Reputation: 15
Post

Thanks for the reply DudyDoo,

Actually I forgot mention that I did do the groupmapping below is a copy of from my clients system..

let me know what you Think

Thanks

Tim

------------
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-842145922-2861567613-292939348-512) -> -1
Domain Users (S-1-5-21-842145922-2861567613-292939348-513) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Guests (S-1-5-21-842145922-2861567613-292939348-514) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
-----------------
 
Old 04-14-2006, 10:15 AM   #4
Dudydoo
Member
 
Registered: Sep 2003
Location: UK
Distribution: I use 'em all ;-)
Posts: 275

Rep: Reputation: 38
You must have got it wrong somewhere as it's still disabled (-1 at the end of line means = disable).

Code:
Domain Admins (S-1-5-21-842145922-2861567613-292939348-512) -> -1
It should read ...

Code:
Domain Admins (S-1-5-21-842145922-2861567613-292939348-512) -> ntadmins
Where 'ntadmins' is the account listed in /etc/group

Make sure you use 'net groupmap modify ...' and not 'net groupmap add ...'
 
Old 04-14-2006, 11:56 AM   #5
treedstang
Member
 
Registered: Jul 2003
Distribution: Suse 9.X Redhat 9.0, Enterprise 3 and 4 Fedora Mandrake
Posts: 79

Original Poster
Rep: Reputation: 15
Dudydoo Thanks for pointing that out to me. I created a script over a year that did all of that for me below is a copy of the script. I attached a copy of the script below.

I totally over looked the -1

#!/bin/bash



groupadd engineering
groupadd inventory
groupadd officeadmin
groupadd testing
groupadd cncdata
groupadd public
groupadd shipping
groupadd procedures
groupadd ntadmins
groupadd printadmin
groupadd domusers
groupadd manufacturing


net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmins
net groupmap modify ntgroup="Domain Users" unixgroup=domusers
net groupmap modify ntgroup="Print Operators" unixgroup=printadmin
net groupmap add ntgroup="Engineering" unixgroup=engineering
net groupmap add ntgroup="Inventory" unixgroup=inventory
net groupmap add ntgroup="Officeadmin" unixgroup=officeadmin
net groupmap add ntgroup="Testing" unixgroup=testing
net groupmap add ntgroup="Cncdata" unixgroup=cncdata
net groupmap add ntgroup="Public" unixgroup=public
net groupmap add ntgroup="Shipping" unixgroup=shipping
net groupmap add ntgroup="Procedures" unixgroup=procedures
net groupmap add ntgroup="testing" unixgroup=testing
net groupmap add ntgroup="Manufacturing" unixgroup=manufacturing
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Samba 3.0.21a and Samba Domain Member Servers in a Windows 2003 ADS Domain ramz Linux - Networking 3 04-09-2006 08:26 PM
Samba permisions trouble - directorys are fine but the contents are not rwtreke Linux - Software 0 01-13-2005 05:09 PM
synchronize linux domain time to workstation sunnyee Linux - Newbie 2 06-25-2004 04:37 AM
Windows 2000 Permisions under Samba wyndman Linux - Networking 2 09-05-2003 02:44 PM
Linux workstation in a Windows domain Dr.Swing Linux - Newbie 1 03-19-2002 10:43 AM


All times are GMT -5. The time now is 07:16 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration