I am using a RedHat 9.0 file server. I just upgraded to Samba 3.0.0 from 2.2.8 which was just about seamless, except I do not have domain users with Admin rights on Samba 3.0.0 as I did in Samba 2.2.8. Is there a way to give admin rights to certain domain users in Samba 3.0.0 or do all users just have user rights?
The chapters that are of primary interest in respect of the question you raise are the one covering User Account Databases, and Group Mapping.
By default, if you use your unchanged smb.conf from Samba-2.2.x it should work, but with the change you have noted. The default "passdb backend" is the smbpasswd file that your old installation used.
The one thing you must accomodate is the new group mapping system. You need to map the Domain Users, Domain Admins and Domain Guests groups to valid UNIX groups. Such mapping is essential to proper domain permissions handling.
For example, to map the UNIX group "wheel" to the Windows Domain Admins group you must execute:
net groupmap modify ntgroup="Domain Admins" unixgroup=wheelThere are two ways you can give particular users Domain Administrator privileges:
a) By adding your users to the UNIX group that maps to the Windows Domain Admins group. For example, to grant the user "georgewb" Domain Admin control:
net groupmap modify ntgroup="Domain Admins" unixgroup=wheelNow add "georgewb" to the wheel group in your /etc/group file.
b) Make use of the "username map" facility. In your smb.conf file [globals] section, add:
username map = /etc/samba/smbusersIn /etc/samba/smbusers:
root = Administrator georgewbThis means the when "georgewb" logs on, he will be the Domain Administrator.
This was first published in November 2003