LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Enterprise (https://www.linuxquestions.org/questions/linux-enterprise-47/)
-   -   Workstation Permisions On Samba Domain (https://www.linuxquestions.org/questions/linux-enterprise-47/workstation-permisions-on-samba-domain-434823/)

treedstang 04-13-2006 11:00 AM
Workstation Permisions On Samba Domain
 
I wanted to if a anyone had a similar problem with a samba domain workstation after it's joined to the domain.

When I login to WinXP Pro spk2 workstation as the domain root/administrator user I don't automatically have admin rights over the workstation even though the Domain Admins group is added to the local admins groups when the workstation was joined the domain. I have to login to the workstation with the local admin account and manually add the root/administrator account from the domain to the local admin group on the workstation to get it working.

I 'm running this on RHAT ES4 with Samba 3.x


Thanks

Tim

Dudydoo 04-13-2006 12:32 PM
You need to map a linux group to the samba "Domain Admins" group.

Code:
# groupadd ntadmins

# net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmins
Then add anyone you wish to have domain admin rights to the group.

Take a look at the official HOWTO for more info.

http://us5.samba.org/samba/docs/man/...upmapping.html

I had this problem when I switched to samba ;-)

treedstang 04-13-2006 04:29 PM
Thanks for the reply DudyDoo,

Actually I forgot mention that I did do the groupmapping below is a copy of from my clients system..

let me know what you Think

Thanks

Tim

------------
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-842145922-2861567613-292939348-512) -> -1
Domain Users (S-1-5-21-842145922-2861567613-292939348-513) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Guests (S-1-5-21-842145922-2861567613-292939348-514) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
-----------------

Dudydoo 04-14-2006 10:15 AM
You must have got it wrong somewhere as it's still disabled (-1 at the end of line means = disable).

Code:
Domain Admins (S-1-5-21-842145922-2861567613-292939348-512) -> -1
It should read ...

Code:
Domain Admins (S-1-5-21-842145922-2861567613-292939348-512) -> ntadmins
Where 'ntadmins' is the account listed in /etc/group

Make sure you use 'net groupmap modify ...' and not 'net groupmap add ...'

treedstang 04-14-2006 11:56 AM
Dudydoo Thanks for pointing that out to me. I created a script over a year that did all of that for me below is a copy of the script. I attached a copy of the script below.

I totally over looked the -1

#!/bin/bash



groupadd engineering
groupadd inventory
groupadd officeadmin
groupadd testing
groupadd cncdata
groupadd public
groupadd shipping
groupadd procedures
groupadd ntadmins
groupadd printadmin
groupadd domusers
groupadd manufacturing


net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmins
net groupmap modify ntgroup="Domain Users" unixgroup=domusers
net groupmap modify ntgroup="Print Operators" unixgroup=printadmin
net groupmap add ntgroup="Engineering" unixgroup=engineering
net groupmap add ntgroup="Inventory" unixgroup=inventory
net groupmap add ntgroup="Officeadmin" unixgroup=officeadmin
net groupmap add ntgroup="Testing" unixgroup=testing
net groupmap add ntgroup="Cncdata" unixgroup=cncdata
net groupmap add ntgroup="Public" unixgroup=public
net groupmap add ntgroup="Shipping" unixgroup=shipping
net groupmap add ntgroup="Procedures" unixgroup=procedures
net groupmap add ntgroup="testing" unixgroup=testing
net groupmap add ntgroup="Manufacturing" unixgroup=manufacturing


All times are GMT -5. The time now is 02:35 PM.