Thread: Samba PDC Domain Admins question.
View Single Post
  #1   (View Single Post)  
Old 16th October 2008
businessgeeks businessgeeks is offline
New User
  
Join Date: May 2008
Posts: 9
Default Samba PDC Domain Admins question.
Hi,

I am trying to setup Samba 3 as a PDC (no ldap yet) and I tried mapping the "Domain Admins" group to wheel. I assume this will allow me to use root to login into a Windows XP machine and gain Administrator privileges. Yes, I am able to login into the windows xp client correctly but I found out that the "root" account does not have administrator privileges. being relatively new this, I am unsure on how to troubleshoot this.

Here are some of my configurations:

groupmappings:

Code:
Domain Admins (S-1-5-21-311252733-1558059333-3896668254-1006) -> wheel
Human Resources (S-1-5-21-898213883-2134111175-3202905958-3011) -> hr
Production (S-1-5-21-898213883-2134111175-3202905958-3013) -> prod
Digital Imaging (S-1-5-21-898213883-2134111175-3202905958-3015) -> dip
IT Services (S-1-5-21-898213883-2134111175-3202905958-3007) -> its
Background (S-1-5-21-898213883-2134111175-3202905958-3019) -> flash
Domain Users (S-1-5-21-311252733-1558059333-3896668254-1005) -> domuser
Finance Services (S-1-5-21-898213883-2134111175-3202905958-3009) -> fs
Domain Guests (S-1-5-21-898213883-2134111175-3202905958-132069) -> nobody
Users (S-1-5-21-311252733-1558059333-3896668254-1002) -> users
Code:
global]
        workgroup = TPDOMAIN
        netbios name = TDPDCSRVR01
        passdb backend = tdbsam
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*Password* %n\n *Re-enter*new*password*%n\n*Password*changed*
        username map = /etc/smbusers
        unix password sync = Yes
        log level = 1
        syslog = 1
        log file = /var/log/samba/%m
        max log size = 50
        smb ports = 139
        name resolve order = wins bcast hosts
        printcap name = CUPS
        show add printer wizard = No
        add user script = pw useradd  -m '%u'
        delete user script = pw userdel -r '%u'
        add group script = pw groupdel '%g'
        add user to group script = pw usermod -G '%g' '%u'
        add machine script = pw useradd '%u' -s /bin/nologin -d /tmp
        logon script = scripts\logon.bat
        logon path = \\%L\profiles\%U
        logon drive = X:
        logon home = \\%L\%U
        domain logons = Yes
        preferred master = Yes
        wins support = Yes
        utmp = Yes
        map acl inherit = Yes
        printing = cups
        cups options = Raw

[homes]
        comment = Home Directories
        valid users = %S
        read only = No
        browseable = No

[netlogon]
        comment = Profile Share
        path = /var/lib/samba/netlogon
        guest ok = Yes
        locking = No

[Profiles]
        comment = Profiles
        path = /var/lib/samba/profiles
        read only = No
        profile acls = Yes

[its]
        comment = Information Technology Services
        path = /data/its
/etc/smbusers

Code:
root = Administrator
Reply With Quote