Samba domain logon

Carl Yost Jr carlyos at Buffalo.com
Mon Mar 15 09:18:17 EST 2004 

Anyone I have ever taken out of the admin group has lost their rights :(. I have never used the NT/2k Gui util to add users for the Domain though. I have never seen people losing the roaming profiles, except when the admin group had permission to the profile folder on the linux box, I had to adjust the permissions back to the user and then they could log back in right. Again though I do everything through the linux side, and nothing through the MS side :(. I create the profile folders manually. Everytime I have had someone loose their romaing profile, it had something to do with permissions on the profile folder. Sorry can't be much more help :(......

----- Original Message -----
From: Justin Bennett <justin.bennett at dynabrade.com>
Date: Mon, 15 Mar 2004 09:04:13 -0500
To: nflug at nflug.org
Subject: Samba domain logon 

> As usual I have a weird one.
> 
> I have a samba 2.2.7 domain controller. Everyone logs onto the domain. 
> This is our remote europe site. They had admin rights, all memebers of a 
> @domadm group set as the domain admin group. Over the weekend I removed 
> most of the users from this group only allowing one person to be an admin.
> 
> After that the acting admin over there (an accountant) says people 
> didn't have their profiles (roaming in the users home).
> 
> He said he logged in as an admin
> 
> "and I created user 'user' with xxxx(our domain there) domain giving 
> administrators rights, then logged in as 'user', and she found all her 
> settings back again, inclunding printing. "
> 
> (keep in mind his native language is not english.) I'm not sure what he 
> did exactly thats why I included it, maybe someone has done something 
> similar and it rings a bell...
> 
> I thought he just created local users, however I verified they are still 
> logging into the domain, however they appear to have admin rights again.
> 
> It sounds like he used the GUI tool to try and grant admin rights on the domain. As far as I know as long as the user isn't in the domadm group they shouldn't have admin rights correct? Can this be cached on the machine?
> 
> Any ideas why they may have admin right still?
> 
> Justin
> 
> 
> -- 
> Justin Bennett
> Network Administrator
> RHCE (Redhat Certified Linux Engineer)
> Dynabrade, Inc.
> 8989 Sheridan Dr.
> Clarence, NY 14031
>  
> 

-- 
_______________________________________________
http://www.Buffalo.com , WNY's #1 Website

Powered by Outblaze

More information about the nflug mailing list