Samba domain logon

[Justin Bennett]

Any way he could have given admin priv. to them on the local box? 
Delegation wizard or something?

Justin Bennett
Network Administrator
RHCE (Redhat Certified Linux Engineer)
Dynabrade, Inc.
8989 Sheridan Dr.
Clarence, NY 14031
 



On 03/15/2004 9:29 AM, Cyber Source wrote:

> It does sound like it's caching or,
> 1. Did you restart smb after changing?
> 2. Is there another group with these users in that might be allowing a 
> loophole of some sort?
>
>
>
> Justin Bennett wrote:
>
>> As usual I have a weird one.
>>
>> I have a samba 2.2.7 domain controller. Everyone logs onto the 
>> domain. This is our remote europe site. They had admin rights, all 
>> memebers of a @domadm group set as the domain admin group. Over the 
>> weekend I removed most of the users from this group only allowing one 
>> person to be an admin.
>>
>> After that the acting admin over there (an accountant) says people 
>> didn't have their profiles (roaming in the users home).
>>
>> He said he logged in as an admin
>>
>> "and I created user 'user' with xxxx(our domain there) domain giving 
>> administrators rights, then logged in as 'user', and she found all 
>> her settings back again, inclunding printing. "
>>
>> (keep in mind his native language is not english.) I'm not sure what 
>> he did exactly thats why I included it, maybe someone has done 
>> something similar and it rings a bell...
>>
>> I thought he just created local users, however I verified they are 
>> still logging into the domain, however they appear to have admin 
>> rights again.
>>
>> It sounds like he used the GUI tool to try and grant admin rights on 
>> the domain. As far as I know as long as the user isn't in the domadm 
>> group they shouldn't have admin rights correct? Can this be cached on 
>> the machine?
>>
>> Any ideas why they may have admin right still?
>>
>> Justin
>>
>>