Samba domain logon

Justin Bennett justin.bennett at dynabrade.com
Mon Mar 15 09:28:17 EST 2004 

I do everthing on the linux side also, He did something with the gui 
tools though. I'm not sure what. Everytime I've played with them they've 
just errored.  I'm not sure what he could have done

Justin Bennett
Network Administrator
RHCE (Redhat Certified Linux Engineer)
Dynabrade, Inc.
8989 Sheridan Dr.
Clarence, NY 14031
 



On 03/15/2004 9:18 AM, Carl Yost Jr wrote:

>Anyone I have ever taken out of the admin group has lost their rights :(. I have never used the NT/2k Gui util to add users for the Domain though. I have never seen people losing the roaming profiles, except when the admin group had permission to the profile folder on the linux box, I had to adjust the permissions back to the user and then they could log back in right. Again though I do everything through the linux side, and nothing through the MS side :(. I create the profile folders manually. Everytime I have had someone loose their romaing profile, it had something to do with permissions on the profile folder. Sorry can't be much more help :(......
>
>----- Original Message -----
>From: Justin Bennett <justin.bennett at dynabrade.com>
>Date: Mon, 15 Mar 2004 09:04:13 -0500
>To: nflug at nflug.org
>Subject: Samba domain logon 
>
>  
>
>>As usual I have a weird one.
>>
>>I have a samba 2.2.7 domain controller. Everyone logs onto the domain. 
>>This is our remote europe site. They had admin rights, all memebers of a 
>>@domadm group set as the domain admin group. Over the weekend I removed 
>>most of the users from this group only allowing one person to be an admin.
>>
>>After that the acting admin over there (an accountant) says people 
>>didn't have their profiles (roaming in the users home).
>>
>>He said he logged in as an admin
>>
>>"and I created user 'user' with xxxx(our domain there) domain giving 
>>administrators rights, then logged in as 'user', and she found all her 
>>settings back again, inclunding printing. "
>>
>>(keep in mind his native language is not english.) I'm not sure what he 
>>did exactly thats why I included it, maybe someone has done something 
>>similar and it rings a bell...
>>
>>I thought he just created local users, however I verified they are still 
>>logging into the domain, however they appear to have admin rights again.
>>
>>It sounds like he used the GUI tool to try and grant admin rights on the domain. As far as I know as long as the user isn't in the domadm group they shouldn't have admin rights correct? Can this be cached on the machine?
>>
>>Any ideas why they may have admin right still?
>>
>>Justin
>>
>>
>>-- 
>>Justin Bennett
>>Network Administrator
>>RHCE (Redhat Certified Linux Engineer)
>>Dynabrade, Inc.
>>8989 Sheridan Dr.
>>Clarence, NY 14031
>> 
>>
>>    
>>
>
>  
>

More information about the nflug mailing list