SAMBA - Administrator doesn't have admin rights in domain

Stephen Allen freebsduk at rowyerboat.com
Sun Jul 2 03:41:22 BST 2006


Hello,

I posted this to the Samba mailing list too so don't spend ages 
replying, but I value all the expertise that you folks have given me so 
far so I decided to post this here too.  Please let me know if this is 
frowned upon.

I'm running FreeBSD-6.1, and Samba 3.0.22 with a Windows XP (SP2) client.

As per subject line, administrator doesn't have administrator rights on 
the workstation.

--- 'net groupmap list' gives,

Domain Admins (S-1-5-21-3323006203-4037909810-1162086780-3003) -> ntadmins

--- 'pdbedit -Lv' includes,

Unix username:        administrator
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-3323006203-4037909810-1162086780-3006
Primary Group SID:    S-1-5-21-3323006203-4037909810-1162086780-3003

--- '/etc/passwd' includes,

administrator:*:1003:1001:Windows Domain 
Administrator:/home/administrator:/usr/sbin/nologin

--- '/etc/group' includes,
ntadmins:*:1001:


 From the above, I see that the Primary Group SID for the smb 
Administrator account is the same as the one listed for Domain Admins 
using pdbedit.  The 'administrator' password is the same for both smb 
and system accounts, and I can log in to the workstation successfully.

I even tried mapping Domain Admins to wheel, setting an smb password for 
root, and logging on to the client as "root" instead of administrator. 
I can write over the network to root's home, but I am sitll not an 
administrator of the Domain so I can't install software on the client.

Which step have I missed or what have I done wrong?

Many thanks,
Steve :)




More information about the Ukfreebsd mailing list