Samba domain logon

Carl Yost Jr carlyos at Buffalo.com
Mon Mar 15 09:45:06 EST 2004 

" This person is on a winblows box?"

LOL this group makes me laugh :)


----- Original Message -----
From: Cyber Source <peter at thecybersource.com>
Date: Mon, 15 Mar 2004 09:43:21 -0500
To: nflug at nflug.org
Subject: Re: Samba domain logon

> This person is on a winblows box? anything is possible, especially with 
> xp. Can you log on from a different windows box there at your place with 
> this persons credentials and see what you get?
> 
> Justin Bennett wrote:
> 
> > Any way he could have given admin priv. to them on the local box? 
> > Delegation wizard or something?
> >
> > Justin Bennett
> > Network Administrator
> > RHCE (Redhat Certified Linux Engineer)
> > Dynabrade, Inc.
> > 8989 Sheridan Dr.
> > Clarence, NY 14031
> >
> >
> >
> >
> > On 03/15/2004 9:29 AM, Cyber Source wrote:
> >
> >> It does sound like it's caching or,
> >> 1. Did you restart smb after changing?
> >> 2. Is there another group with these users in that might be allowing 
> >> a loophole of some sort?
> >>
> >>
> >>
> >> Justin Bennett wrote:
> >>
> >>> As usual I have a weird one.
> >>>
> >>> I have a samba 2.2.7 domain controller. Everyone logs onto the 
> >>> domain. This is our remote europe site. They had admin rights, all 
> >>> memebers of a @domadm group set as the domain admin group. Over the 
> >>> weekend I removed most of the users from this group only allowing 
> >>> one person to be an admin.
> >>>
> >>> After that the acting admin over there (an accountant) says people 
> >>> didn't have their profiles (roaming in the users home).
> >>>
> >>> He said he logged in as an admin
> >>>
> >>> "and I created user 'user' with xxxx(our domain there) domain giving 
> >>> administrators rights, then logged in as 'user', and she found all 
> >>> her settings back again, inclunding printing. "
> >>>
> >>> (keep in mind his native language is not english.) I'm not sure what 
> >>> he did exactly thats why I included it, maybe someone has done 
> >>> something similar and it rings a bell...
> >>>
> >>> I thought he just created local users, however I verified they are 
> >>> still logging into the domain, however they appear to have admin 
> >>> rights again.
> >>>
> >>> It sounds like he used the GUI tool to try and grant admin rights on 
> >>> the domain. As far as I know as long as the user isn't in the domadm 
> >>> group they shouldn't have admin rights correct? Can this be cached 
> >>> on the machine?
> >>>
> >>> Any ideas why they may have admin right still?
> >>>
> >>> Justin
> >>>
> >>>

-- 
_______________________________________________
http://www.Buffalo.com , WNY's #1 Website

Powered by Outblaze

More information about the nflug mailing list