Domain Admins not Local ADmins - Samba 3.0.7
Hi!
I have succesfully setup a Samba server as a Domain Controller. I have about 7 users. Wow! I have three Windows XP machines that logon to the domain. Now with Windows XP there is this thing called group policy editor, how to I make policies and apply to them to everyone on the network? Secondly, I have a user called "admin" which is really root in linux. This user has domain admin priviliges (it can create/edit/delete users using NT User Manager). But what I want in addition is for this user to have local admin privileges, so I can modify the file system, hardware etc.... Thanks, David I tried to map it to a group: net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmins net groupmap modify ntgroup="Domain Users" unixgroup=users net groupmap modify ntgroup="Domain Guests" unixgroup=nobody net groupmap modify ntgroup="Administrators" unixgroup=ntadmins |
Some more information:
Windows XP reports that in properties of the Administrators group: Members: david (renamed administrator account) Lublink\Domain Admins (S-1-5-21-4128833642-285588081-677358102-512) Some output from Linux Commands (note that superman is renamed root account) web:~ # net groupmap list System Operators (S-1-5-32-549) -> -1 Domain Guests (S-1-5-21-4128833642-285588081-677358102-514) -> nobody Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Power Users (S-1-5-32-547) -> -1 Print Operators (S-1-5-32-550) -> -1 Administrators (S-1-5-32-544) -> ntadmins Domain Admins (S-1-5-21-4128833642-285588081-677358102-512) -> ntadmins Account Operators (S-1-5-32-548) -> -1 Domain Users (S-1-5-21-4128833642-285588081-677358102-513) -> users Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> -1 web:~ # net rpc group MEMBERS "Domain Admins" Password: LUBLINK\regis LUBLINK\superman LUBLINK\dave web:~ # cat /etc/group | tail -1 ntadmins:!:1001:regis,superman,dave |
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\superman>net user admin /domain The request will be processed at a domain controller for domain LUBLINK. User name superman Full Name root Comment User's comment Country code 000 (System Default) Account active Yes Account expires Never Password last set 2/24/2005 4:27 PM Password expires Never Password changeable 2/24/2005 4:27 PM Password required Yes User may change password Yes Workstations allowed All Logon script scripts\logon.bat User profile \\pdc\Profiles\superman Home directory \\pdc\superman Last logon Never Logon hours allowed All Local Group Memberships Global Group memberships *Domain Admins The command completed successfully. |
All times are GMT -5. The time now is 05:51 AM. |