LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-30-2007, 01:48 PM   #1
bg108
LQ Newbie
 
Registered: Nov 2007
Posts: 17

Rep: Reputation: 0
Exclamation Samba PDC - urgent help please


Hi,

My Ubuntun running as Samba PDC server (domain name:MSHOME), and windows XP as a member of MSHOME domain. I created 2 users account on Samba...one of it is "root" account.

- But when I use "root" account to log onto the Windows client under MSHOME domain, and went to control panel to edit something, it says "root" is not and administrator account and thus I cannot edit anything with belongs to Administrator account privilege.

- My question is how can I make "root" as Samba admin account in order to log onto windows client machine and doing configuration ? (I put admin users = root line into my smb.conf file but it doesn't work)
- I want my Windows XP pro client machine NOT to use the SamBa domain MSHOME anymore, how can I sign off samba domain on my WIndows client machine ? Because at the login window when I first start windows client machine, it gives me two options:

Log on as: MSHOME / TimH(this computer)

I choose to log on as TimH(this computer) and use my Windows user and password but it doesn't let me in

-All I want is NOT to logon to Samba domain anymore because I have some important documents prior to seting up my windows client to join Linux Samba server domain.

Please help

Last edited by bg108; 11-30-2007 at 01:51 PM.
 
Old 11-30-2007, 02:01 PM   #2
zeeshanhayat
Member
 
Registered: Oct 2004
Distribution: Fedora, Debian, Free BSD
Posts: 71

Rep: Reputation: 15
Create a group in Linux and add that group in the smb.conf file. Assuming you created the group sysadmin

domain admin group = @sysadmin
admin users = @sysadmin

So whichever user you want to administer the domain, make it the member of sysadmin group.

Regarding demoting winxp
More appropriately it should be put in a win forum however,

Well just login with the local administrator account by selecting this computer, and right click on My computer and get yourself demoted from the domain.
 
Old 11-30-2007, 02:08 PM   #3
bg108
LQ Newbie
 
Registered: Nov 2007
Posts: 17

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by zeeshanhayat View Post
Create a group in Linux and add that group in the smb.conf file. Assuming you created the group sysadmin

domain admin group = @sysadmin
admin users = @sysadmin

So whichever user you want to administer the domain, make it the member of sysadmin group.

Regarding demoting winxp
More appropriately it should be put in a win forum however,

Well just login with the local administrator account by selecting this computer, and right click on My computer and get yourself demoted from the domain.
I did add the line:

admin users = root

into smb.conf file, but still can't logon to Windows client as System administrator

Is it necessary to do
domain admin group = @sysadmin
admin users = @sysadmin

or I just need to add:
admin users = root
as said above ??
 
Old 11-30-2007, 02:16 PM   #4
zeeshanhayat
Member
 
Registered: Oct 2004
Distribution: Fedora, Debian, Free BSD
Posts: 71

Rep: Reputation: 15
Have you added root to the samba account. ?? It should work given that the default administrator is root.
 
Old 11-30-2007, 02:17 PM   #5
MasterC
LQ Guru
 
Registered: Mar 2002
Location: Salt Lake City, UT - USA
Distribution: Gentoo ; LFS ; Kubuntu
Posts: 12,612

Rep: Reputation: 64
It's a question of global versus local admin. The Domain Admins are the Admins for any system connected to the domain. My understanding is:
admin users = root

Defines the **local** admin, for the Samba box. You need Domain Admins to administer the domain, in which case you would need the domain admin group above to perform administration on other systems on the Domain.

As far demoting your system, you really don't need to do that to gain local access. As you have pointed out, you just log into the local system directly with the local admin account. A benefit of keeping it on the domain is that, as you also have pointed out, if you don't remember the local admin login information, you can log in with the Domain Admin account and have full access to the local system with the Domain Admin account.

-Chad
 
Old 11-30-2007, 02:38 PM   #6
bg108
LQ Newbie
 
Registered: Nov 2007
Posts: 17

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by MasterC View Post
It's a question of global versus local admin. The Domain Admins are the Admins for any system connected to the domain. My understanding is:
admin users = root

Defines the **local** admin, for the Samba box. You need Domain Admins to administer the domain, in which case you would need the domain admin group above to perform administration on other systems on the Domain.

As far demoting your system, you really don't need to do that to gain local access. As you have pointed out, you just log into the local system directly with the local admin account. A benefit of keeping it on the domain is that, as you also have pointed out, if you don't remember the local admin login information, you can log in with the Domain Admin account and have full access to the local system with the Domain Admin account.

-Chad
The problem is, when I use "root" to log into windows client, somehow the the domain system does not give "root" as domain administrator privilege, I thought it should by adding a line:
admin users = root (in my smb.conf file).

Secondly, At the login screen, I used "local windows admin account and password" to login (choosing login as mycomputer(this computer)), but it doesn't let me in.

- My problem is I want to gain local windows client access instead of accessing into the Samba domain

With my situation above, how could I gain the local access on my Windows machine ?

Some how, my local administrator account cannot login (by choose logon as this computer), I'm sure I entered correctly

Last edited by bg108; 11-30-2007 at 02:48 PM.
 
Old 11-30-2007, 02:48 PM   #7
MasterC
LQ Guru
 
Registered: Mar 2002
Location: Salt Lake City, UT - USA
Distribution: Gentoo ; LFS ; Kubuntu
Posts: 12,612

Rep: Reputation: 64
Your question is really a windows question more than it is a Linux/Samba related one. But I'll give it a whirl:

Your local admin account hasn't been "modified" by joining the domain. If you can't remember the credentials or the account has somehow been "tweaked" you will need to use a password reset tool. We use:
http://home.eunet.no/pnordahl/ntpasswd/

Local is not the same as Domain. Your Domain accounts are separate. As far as I understand it, adding:
admin users = root

ONLY changes whom the admin user is on your SAMBA box, not Domain wide. a local Admin does not have Admin privileges on the entire Domain, only on the local box. So:
admin users = root
Will not allow you to hop on your Domain connected systems and login with "root". Instead you would use the above noted lines for Domain Admin membership. Once you are a member of Domain Admins, **then** you can use a DOMAIN ADMIN account to log into the domain connected systems with Admin privs.

-Chad
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
samba pdc trust with windows 2003 server pdc samba_pk Linux - Networking 1 06-08-2007 02:22 AM
samba member server as fileserver authenticating samba PDC activeq Linux - Networking 0 11-17-2006 10:44 AM
samba 3 problem - samba PDC can not join to the domain ananthak Linux - Networking 1 05-21-2006 11:39 AM
Samba domain member server (DMS) group permissions in network with a Samba PDC srosa Linux - Networking 0 05-01-2006 06:55 PM
Samba PDC joeca12 Linux - Networking 16 11-10-2004 03:36 AM


All times are GMT -5. The time now is 10:48 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration