Samba domain logon
Cyber Source
peter at thecybersource.com
Mon Mar 15 09:43:21 EST 2004
This person is on a winblows box? Anything is possible, especially with
xp. Can you log on from a different windows box there at your place with
this person's credentials and see what you get?
Justin Bennett wrote:
> Any way he could have given admin priv. to them on the local box?
> Delegation wizard or something?
>
> Justin Bennett
> Network Administrator
> RHCE (Redhat Certified Linux Engineer)
> Dynabrade, Inc.
> 8989 Sheridan Dr.
> Clarence, NY 14031
>
> On 03/15/2004 9:29 AM, Cyber Source wrote:
>
>> It does sound like it's caching or,
>> 1. Did you restart smb after changing?
>> 2. Is there another group with these users in that might be allowing
>> a loophole of some sort?
>>
>> Justin Bennett wrote:
>>
>>> As usual I have a weird one.
>>>
>>> I have a samba 2.2.7 domain controller. Everyone logs onto the
>>> domain. This is our remote Europe site. They had admin rights, all
>>> members of a @domadm group set as the domain admin group. Over the
>>> weekend I removed most of the users from this group only allowing
>>> one person to be an admin.
>>>
>>> After that the acting admin over there (an accountant) says people
>>> didn't have their profiles (roaming in the users home).
>>>
>>> He said he logged in as an admin
>>>
>>> "and I created user 'user' with xxxx(our domain there) domain giving
>>> administrators rights, then logged in as 'user', and she found all
>>> her settings back again, including printing. "
>>>
>>> (keep in mind his native language is not English.) I'm not sure what
>>> he did exactly, that's why I included it, maybe someone has done
>>> something similar and it rings a bell...
>>>
>>> I thought he just created local users, however I verified they are
>>> still logging into the domain, however they appear to have admin
>>> rights again.
>>>
>>> It sounds like he used the GUI tool to try and grant admin rights on
>>> the domain. As far as I know, as long as the user isn't in the domadm
>>> group they shouldn't have admin rights, correct? Can this be cached
>>> on the machine?
>>>
>>> Any ideas why they may have admin rights still?
>>>
>>> Justin
>>>
>>>