Samba domain logon
Cyber Source
peter at thecybersource.com
Mon Mar 15 09:29:45 EST 2004
It does sound like it's caching or,
1. Did you restart smb after changing?
2. Is there another group with these users in that might be allowing a
loophole of some sort?
Justin Bennett wrote:
> As usual I have a weird one.
>
> I have a samba 2.2.7 domain controller. Everyone logs onto the domain.
> This is our remote europe site. They had admin rights, all memebers of
> a @domadm group set as the domain admin group. Over the weekend I
> removed most of the users from this group only allowing one person to
> be an admin.
>
> After that the acting admin over there (an accountant) says people
> didn't have their profiles (roaming in the users home).
>
> He said he logged in as an admin
>
> "and I created user 'user' with xxxx(our domain there) domain giving
> administrators rights, then logged in as 'user', and she found all her
> settings back again, inclunding printing. "
>
> (keep in mind his native language is not english.) I'm not sure what
> he did exactly thats why I included it, maybe someone has done
> something similar and it rings a bell...
>
> I thought he just created local users, however I verified they are
> still logging into the domain, however they appear to have admin
> rights again.
>
> It sounds like he used the GUI tool to try and grant admin rights on
> the domain. As far as I know as long as the user isn't in the domadm
> group they shouldn't have admin rights correct? Can this be cached on
> the machine?
>
> Any ideas why they may have admin right still?
>
> Justin
>
>
More information about the nflug
mailing list