Operating System - Linux
1839185 Members
3904 Online
110137 Solutions
New Discussion

Re: RHEL5/Samba Client local rights

 
Rob Hausler
Occasional Advisor

RHEL5/Samba Client local rights

have migrated to RHEL5 from RHEL4 and while the logins are all working fine we cannot get the members of domadmin to have Domain Admins rights on the XP pro / Vista clients. .

We have done the
net groupmap add ntuser="Domain Admins" unixgroup=domadmin type=d
but this doesnt seem to work..

net groupmap shows
Domain Admins (S-1-5-21-3779496958-1255796685-868011268-1007) -> domadmin

any thoughts??
2 REPLIES 2
Ivan Ferreira
Honored Contributor

Re: RHEL5/Samba Client local rights

You RID for the Domain Admins is not correct, this RID must be 512 otherwise it wont work.

Use the following command:

# net groupmap add rid=512 ntgroup='Domain Admins' unixgroup='domadmin'

Also, you specify "ntuser" it should be "ntgroup".

I see in your profile "I have assigned points to 0 of 1 responses to my questions."

Please assign points to the answers you get. For mor information visit:

http://forums1.itrc.hp.com/service/forums/helptips.do?#28
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Rob Hausler
Occasional Advisor

Re: RHEL5/Samba Client local rights

Ok i removed the ntgroup "Domain Admins" and added it back forcing a rid=512..

Thought it worked at first untill i tried other users.. still not working..

I performed further testing on my own user account - removed from all admin/root samba administration lists even removed from ntadmin unix group

I logged into the test pc on site - and i STILL HAD ADMIN RIGHTS. (no im not set as a local administrator via Control Panel/Users)

I even removed my profile from the server and logged into a pc I have NEVER logged into and I still have Local Domain Admin Rights.

I have tested this on my own Centos4 server and the moment I remove myself from the ntadmins unix group, log out of the xp pro client and then log back in - i loose Domain Admin rights, I re-add myself back and log out/in and i get them back.. So I know this works (or at least how it should)