Samba domain logon
Justin Bennett
justin.bennett at dynabrade.com
Mon Mar 15 09:04:13 EST 2004
As usual I have a weird one.
I have a samba 2.2.7 domain controller. Everyone logs onto the domain.
This is our remote europe site. They had admin rights, all memebers of a
@domadm group set as the domain admin group. Over the weekend I removed
most of the users from this group only allowing one person to be an admin.
After that the acting admin over there (an accountant) says people
didn't have their profiles (roaming in the users home).
He said he logged in as an admin
"and I created user 'user' with xxxx(our domain there) domain giving
administrators rights, then logged in as 'user', and she found all her
settings back again, inclunding printing. "
(keep in mind his native language is not english.) I'm not sure what he
did exactly thats why I included it, maybe someone has done something
similar and it rings a bell...
I thought he just created local users, however I verified they are still
logging into the domain, however they appear to have admin rights again.
It sounds like he used the GUI tool to try and grant admin rights on the domain. As far as I know as long as the user isn't in the domadm group they shouldn't have admin rights correct? Can this be cached on the machine?
Any ideas why they may have admin right still?
Justin
--
Justin Bennett
Network Administrator
RHCE (Redhat Certified Linux Engineer)
Dynabrade, Inc.
8989 Sheridan Dr.
Clarence, NY 14031
More information about the nflug
mailing list