910 – domain admin rights only works for user, which primary group is domain admins

Bug 910 - domain admin rights only works for user, which primary group is domain admins

Summary: domain admin rights only works for user, which primary group is domain admins

Status:	CLOSED FIXED

Alias:	None

Product:	Samba 3.0
Classification:	Unclassified
Component:	Domain Control (show other bugs)
Version:	3.0.1
Hardware:	All Linux

Importance:	P3 normal
Target Milestone:	none
Assignee:	Samba Bugzilla Account
QA Contact:

URL:
Keywords:

Depends on:
Blocks:

Reported:	2003-12-22 08:57 UTC by maurer
Modified:	2005-08-24 10:22 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description maurer 2003-12-22 08:57:16 UTC

If a user is a simple member of our unix "domain admins" group, and his primary
unix group is not "domain admins", he has no domain admin rights on a windows XP
client.
In the follwoing setting, the user has no admin rights:
[maurer@rioja maurer]$ id -a trinkl
uid=530(trinkl) gid=512(Domain Admins) Gruppen=512(Domain
Admins),544(Administrators),700(management),500(itsdgroup)


If I change the primary group of this user to domain admins, the rights on the
client are correct.
In this setting, the user has admin rights on the client.

[maurer@rioja maurer]$ id -a trinkl
uid=530(trinkl) gid=512(Domain Admins) Gruppen=512(Domain
Admins),544(Administrators),700(management),500(itsdgroup)

We were using samba 3.0.1 with ldap as passdb backend

if you need som logs, give me a note

Comment 1 Gerald (Jerry) Carter (dead mail address) 2005-02-05 07:38:43 UTC

please test 3.0.11 and reopen if necessary.  Note that the 
'Domain Admins' group has to have a rid of 512.

Comment 2 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:22:49 UTC

sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.