[Samba] Samba groups membership
in [Samba]
|
Prev: [Samba] net rpc file checks in 3.5.x
Next: Long delays when launching programs for the first time in my Windows 7 Profile (Samba 3.4.3 as PDC)
From: Jason Voorhees on 30 Jun 2010 14:50 Hi all: I was running Samba 3.0.x (from CentOS 5 repository) integrated with OpenLDAP as a complete PDC solution that worked fine for several moths. As we needed to join Win7 computers to the domain I upgraded to Samba 3.5.3 keeping my Samba configuration the same. We find that after this upgrade the root account of the domain wasn't able to access to C$, D$ or other administrative resources of Windows Machines. After looking for a solution I found some issues that I'm not really sure if they appeared as a consequence of the upgrade. I found this: # net groupmap list .... returns this: users (S-1-5-21-895592719-3520082440-1574223224-2001) -> jpp Account Operators (S-1-5-32-548) -> Account Operators Administrators (S-1-5-32-544) -> Administrators Backup Operators (S-1-5-32-551) -> Backup Operators Domain Admins (S-1-5-21-895592719-3520082440-1574223224-512) -> Domain Admins .... among other groups # smbldap-groupshow "Domain Admins" ... returns this: dn: cn=Domain Admins,ou=groups,dc=mintra,dc=gob,dc=pe cn: Domain Admins gidNumber: 512 description: Netbios Domain Administrators displayName: Domain Admins objectClass: posixGroup,sambaGroupMapping sambaGroupType: 2 sambaSID: S-1-5-21-895592719-3520082440-1574223224-512 memberUid: mescalante,jhuarancca,kaguilar,olmontero,ycabezas,arojas,secretaria_tecnica,graymundo,dpenadillo,jbarreda,lquevedo,hurquizo,mnicho,root .... so I can see that root is member of this "Domain Admins" group, but... # net rpc group members "Domain Admins" ... returns nothing! The same happens when querying other Samba groups. I don't know why this command doesn't return the list of members of this group. Well, I just tried to add a user manually: # net rpc group addmem "Domain Admins" someuser -U root .... and return this: Could not add someuser to Domain Admins: NT_STATUS_ACCESS_DENIED Does anybody know why can't add a user to the group? Why Samba net utility isn't showing the list of members of my groups? I know that the "Domain Admins" group determines who can take control of machines joined to the Domain, but after the upgrade to Samba 3.5.x the list of members isn't working correctly. I would appreciate some help regarding this. I don't know if I need to add some extra configuration to smb.conf. I hope someone can help me. Thanks P.D.: Sorry, my english isn't too good -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |