Q

Admin rights for users in Samba 3.0.0

I am using a RedHat 9.0 file server. I just upgraded to Samba 3.0.0 from 2.2.8 which was just about seamless, except I do not have domain users with Admin rights on Samba 3.0.0 as I did in Samba 2.2.8. Is there a way to give admin rights to certain domain users in Samba 3.0.0 or do all users just have user rights? As you correctly point out, Samba-3 behaves a little differently than does Samba-2.2.x. That is why it is important to read...

the Samba-HOWTO-Collection.pdf that ships with Samba-3. You can buy this in hard copy from your local bookstore (or Amazon.Com) as "The Official Samba-3 HOWTO and Reference Guide."

The chapters that are of primary interest in respect of the question you raise are the one covering User Account Databases, and Group Mapping.

By default, if you use your unchanged smb.conf from Samba-2.2.x it should work, but with the change you have noted. The default "passdb backend" is the smbpasswd file that your old installation used.

The one thing you must accomodate is the new group mapping system. You need to map the Domain Users, Domain Admins and Domain Guests groups to valid UNIX groups. Such mapping is essential to proper domain permissions handling.

For example, to map the UNIX group "wheel" to the Windows Domain Admins group you must execute:

net groupmap modify ntgroup="Domain Admins" unixgroup=wheel
There are two ways you can give particular users Domain Administrator privileges:

a) By adding your users to the UNIX group that maps to the Windows Domain Admins group. For example, to grant the user "georgewb" Domain Admin control:

net groupmap modify ntgroup="Domain Admins" unixgroup=wheel
Now add "georgewb" to the wheel group in your /etc/group file.

b) Make use of the "username map" facility. In your smb.conf file [globals] section, add:

username map = /etc/samba/smbusers
In /etc/samba/smbusers:
root = Administrator georgewb
This means the when "georgewb" logs on, he will be the Domain Administrator.
This was first published in November 2003

Dig deeper on Open source Web and application servers

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchDataCenter

SearchServerVirtualization

SearchCloudComputing

SearchEnterpriseDesktop

Close