Bug 910 - domain admin rights only works for user, which primary group is domain admins
domain admin rights only works for user, which primary group is domain admins
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control
3.0.1
All Linux
: P3 normal
: none
Assigned To: Samba Bugzilla Account
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2003-12-22 08:57 UTC by maurer
Modified: 2005-08-24 10:22 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description maurer 2003-12-22 08:57:16 UTC
If a user is a simple member of our unix "domain admins" group, and his primary
unix group is not "domain admins", he has no domain admin rights on a windows XP
client.
In the follwoing setting, the user has no admin rights:
[maurer@rioja maurer]$ id -a trinkl
uid=530(trinkl) gid=512(Domain Admins) Gruppen=512(Domain
Admins),544(Administrators),700(management),500(itsdgroup)


If I change the primary group of this user to domain admins, the rights on the
client are correct.
In this setting, the user has admin rights on the client.

[maurer@rioja maurer]$ id -a trinkl
uid=530(trinkl) gid=512(Domain Admins) Gruppen=512(Domain
Admins),544(Administrators),700(management),500(itsdgroup)

We were using samba 3.0.1 with ldap as passdb backend

if you need som logs, give me a note
Comment 1 Gerald (Jerry) Carter 2005-02-05 07:38:43 UTC
please test 3.0.11 and reopen if necessary.  Note that the 
'Domain Admins' group has to have a rid of 512.
Comment 2 Gerald (Jerry) Carter 2005-08-24 10:22:49 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.