Samba domain logon

Justin Bennett justin.bennett at dynabrade.com
Mon Mar 15 09:04:13 EST 2004


As usual I have a weird one.

I have a samba 2.2.7 domain controller. Everyone logs onto the domain. 
This is our remote europe site. They had admin rights, all memebers of a 
@domadm group set as the domain admin group. Over the weekend I removed 
most of the users from this group only allowing one person to be an admin.

After that the acting admin over there (an accountant) says people 
didn't have their profiles (roaming in the users home).

He said he logged in as an admin

"and I created user 'user' with xxxx(our domain there) domain giving 
administrators rights, then logged in as 'user', and she found all her 
settings back again, inclunding printing. "

(keep in mind his native language is not english.) I'm not sure what he 
did exactly thats why I included it, maybe someone has done something 
similar and it rings a bell...

I thought he just created local users, however I verified they are still 
logging into the domain, however they appear to have admin rights again.

It sounds like he used the GUI tool to try and grant admin rights on the domain. As far as I know as long as the user isn't in the domadm group they shouldn't have admin rights correct? Can this be cached on the machine?

Any ideas why they may have admin right still?

Justin


-- 
Justin Bennett
Network Administrator
RHCE (Redhat Certified Linux Engineer)
Dynabrade, Inc.
8989 Sheridan Dr.
Clarence, NY 14031
 




More information about the nflug mailing list