Samba domain logon

Carl Yost Jr carlyos at Buffalo.com
Mon Mar 15 09:44:21 EST 2004 

It shouldn't matter what the local resources are as long as the box is logging into the domain. It "should" ignore all local rights, and look to the DC for rights, and privileges....... 
----- Original Message -----
From: Justin Bennett <justin.bennett at dynabrade.com>
Date: Mon, 15 Mar 2004 09:32:33 -0500
To: nflug at nflug.org
Subject: Re: Samba domain logon

> Any way he could have given admin priv. to them on the local box? 
> Delegation wizard or something?
> 
> Justin Bennett
> Network Administrator
> RHCE (Redhat Certified Linux Engineer)
> Dynabrade, Inc.
> 8989 Sheridan Dr.
> Clarence, NY 14031
>  
> 
> 
> 
> On 03/15/2004 9:29 AM, Cyber Source wrote:
> 
> > It does sound like it's caching or,
> > 1. Did you restart smb after changing?
> > 2. Is there another group with these users in that might be allowing a 
> > loophole of some sort?
> >
> >
> >
> > Justin Bennett wrote:
> >
> >> As usual I have a weird one.
> >>
> >> I have a samba 2.2.7 domain controller. Everyone logs onto the 
> >> domain. This is our remote europe site. They had admin rights, all 
> >> memebers of a @domadm group set as the domain admin group. Over the 
> >> weekend I removed most of the users from this group only allowing one 
> >> person to be an admin.
> >>
> >> After that the acting admin over there (an accountant) says people 
> >> didn't have their profiles (roaming in the users home).
> >>
> >> He said he logged in as an admin
> >>
> >> "and I created user 'user' with xxxx(our domain there) domain giving 
> >> administrators rights, then logged in as 'user', and she found all 
> >> her settings back again, inclunding printing. "
> >>
> >> (keep in mind his native language is not english.) I'm not sure what 
> >> he did exactly thats why I included it, maybe someone has done 
> >> something similar and it rings a bell...
> >>
> >> I thought he just created local users, however I verified they are 
> >> still logging into the domain, however they appear to have admin 
> >> rights again.
> >>
> >> It sounds like he used the GUI tool to try and grant admin rights on 
> >> the domain. As far as I know as long as the user isn't in the domadm 
> >> group they shouldn't have admin rights correct? Can this be cached on 
> >> the machine?
> >>
> >> Any ideas why they may have admin right still?
> >>
> >> Justin
> >>
> >>

-- 
_______________________________________________
http://www.Buffalo.com , WNY's #1 Website

Powered by Outblaze

More information about the nflug mailing list