Samba PDC - urgent help please
 

Hi,

My Ubuntun running as Samba PDC server (domain name:MSHOME), and windows XP as a member of MSHOME domain. I created 2 users account on Samba...one of it is "root" account.

- But when I use "root" account to log onto the Windows client under MSHOME domain, and went to control panel to edit something, it says "root" is not and administrator account and thus I cannot edit anything with belongs to Administrator account privilege.

- My question is how can I make "root" as Samba admin account in order to log onto windows client machine and doing configuration ? (I put admin users = root line into my smb.conf file but it doesn't work)
- I want my Windows XP pro client machine NOT to use the SamBa domain MSHOME anymore, how can I sign off samba domain on my WIndows client machine ? Because at the login window when I first start windows client machine, it gives me two options:

Log on as: MSHOME / TimH(this computer)

I choose to log on as TimH(this computer) and use my Windows user and password but it doesn't let me in

-All I want is NOT to logon to Samba domain anymore because I have some important documents prior to seting up my windows client to join Linux Samba server domain.

Please help

Create a group in Linux and add that group in the smb.conf file. Assuming you created the group sysadmin

domain admin group = @sysadmin
admin users = @sysadmin

So whichever user you want to administer the domain, make it the member of sysadmin group.

Regarding demoting winxp
More appropriately it should be put in a win forum however,

Well just login with the local administrator account by selecting this computer, and right click on My computer and get yourself demoted from the domain.

I did add the line:

admin users = root

into smb.conf file, but still can't logon to Windows client as System administrator

Is it necessary to do
domain admin group = @sysadmin
admin users = @sysadmin

or I just need to add:
admin users = root
as said above ??

Have you added root to the samba account. ?? It should work given that the default administrator is root.

It's a question of global versus local admin. The Domain Admins are the Admins for any system connected to the domain. My understanding is:
admin users = root

Defines the **local** admin, for the Samba box. You need Domain Admins to administer the domain, in which case you would need the domain admin group above to perform administration on other systems on the Domain.

As far demoting your system, you really don't need to do that to gain local access. As you have pointed out, you just log into the local system directly with the local admin account. A benefit of keeping it on the domain is that, as you also have pointed out, if you don't remember the local admin login information, you can log in with the Domain Admin account and have full access to the local system with the Domain Admin account.

-Chad

The problem is, when I use "root" to log into windows client, somehow the the domain system does not give "root" as domain administrator privilege, I thought it should by adding a line:
admin users = root (in my smb.conf file).

Secondly, At the login screen, I used "local windows admin account and password" to login (choosing login as mycomputer(this computer)), but it doesn't let me in.

- My problem is I want to gain local windows client access instead of accessing into the Samba domain

With my situation above, how could I gain the local access on my Windows machine ?

Some how, my local administrator account cannot login (by choose logon as this computer), I'm sure I entered correctly

Your question is really a windows question more than it is a Linux/Samba related one. But I'll give it a whirl:

Your local admin account hasn't been "modified" by joining the domain. If you can't remember the credentials or the account has somehow been "tweaked" you will need to use a password reset tool. We use:
http://home.eunet.no/pnordahl/ntpasswd/

Local is not the same as Domain. Your Domain accounts are separate. As far as I understand it, adding:
admin users = root

ONLY changes whom the admin user is on your SAMBA box, not Domain wide. a local Admin does not have Admin privileges on the entire Domain, only on the local box. So:
admin users = root
Will not allow you to hop on your Domain connected systems and login with "root". Instead you would use the above noted lines for Domain Admin membership. Once you are a member of Domain Admins, **then** you can use a DOMAIN ADMIN account to log into the domain connected systems with Admin privs.

-Chad