Hi,
I ve set up a PDC with Samba 3.
The domain works fine, users can log in and out, with permissions properly set, and I can share folders and printers using the DOMAIN/Groups
However, I have mapped Domain Admins to user group IT, and in IT I have 2 users
root
paul
Now, When I check on local machines, amongts the admins there's DOMAIN/Domain Admins,
but when I log on with either users I don t have Domain Admin rights, nor can I access, for instance, files which can only be accessed by Domain Admins (this was a test to see if my users were really not being recognised as Domain Admins).
I m a bit confused, could you please help me as I m not sure of what I m doing wrong.
Here's my smb.conf file.
Thanks in advance
Azh
ps->Correct me if I m wrong, but according to this, samba uses smbpasswd to identify in the Domain, but passwd to allow access control?
Quote:
[global]
name resolve order = wins lmhosts host bcast
passwd chat = "*New password:*" %n\r "*New password (again):*" %n\r \ "*Password changed*"
time server = yes
hosts allow = 127.0.0.1 192.168.0.0/255.255.255.0
dns proxy = no
netbios name = SERVER
logon script = login.bat OR %U.bat
local master = yes
workgroup = DOMAIN
os level = 65
security = user
add machine script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u
delete user script = /usr/sbin/userdel -r %u
max log size = 50
log level = 3
log file = /var/log/samba/%m.log
smb passwd file = /etc/samba/smbpasswd
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
hide unreadable = yes
add user to group script = /usr/sbin/usermod -G %g %u
logon drive = x:
interfaces = lo eth0 eth0:1
domain master = yes
null passwords = no
hide dot files = yes
encrypt passwords = yes
logon home =
wins support = true
server string = [Samba server %v]
logon path =
add user script = /usr/sbin/useradd -m %u
unix charset = ISO8859-1
bind interfaces only = yes
domain logons = yes
[netlogon]
path = /home/netlogon
guest ok = no
read only = yes
browseable = no
[profiles]
path = /home/profiles
browseable = no
writeable = yes
default case = lower
preserve case = no
short preserve case = no
case sensitive = no
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
write list = @smbusers @root
create mask = 0600
directory mask = 0700
[homes]
path = /home/%u
browseable = no
valid users = %S
read only = no
guest ok = no
inherit permissions = yes
[public]
comment = Public Stuff
path = /raid/File Exchange
public = yes
read only = yes
browseable = yes
write list = @users
[File Exchange]
path = /raid/File Exchange
[Shared]
valid users = @Employees,@Management,@IT
path = /raid/Accounting
write list = @Employees,@Management,@IT
|