Samba domain logon

Cyber Source peter at thecybersource.com
Mon Mar 15 09:29:45 EST 2004


It does sound like it's caching or,
1. Did you restart smb after changing?
2. Is there another group with these users in that might be allowing a 
loophole of some sort?



Justin Bennett wrote:

> As usual I have a weird one.
>
> I have a Samba 2.2.7 domain controller. Everyone logs onto the domain. 
> This is our remote Europe site. They had admin rights, all members of 
> a @domadm group set as the domain admin group. Over the weekend I 
> removed most of the users from this group only allowing one person to 
> be an admin.
>
> After that the acting admin over there (an accountant) says people 
> didn't have their profiles (roaming in the users home).
>
> He said he logged in as an admin
>
> "and I created user 'user' with xxxx(our domain there) domain giving 
> administrators rights, then logged in as 'user', and she found all her 
> settings back again, including printing. "
>
> (keep in mind his native language is not English.) I'm not sure what 
> he did exactly, that's why I included it, maybe someone has done 
> something similar and it rings a bell...
>
> I thought he just created local users, however I verified they are 
> still logging into the domain, however they appear to have admin 
> rights again.
>
> It sounds like he used the GUI tool to try and grant admin rights on 
> the domain. As far as I know as long as the user isn't in the domadm 
> group they shouldn't have admin rights, correct? Can this be cached on 
> the machine?
>
> Any ideas why they may have admin rights still?
>
> Justin