Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: crusader on October 01, 2004, 08:56:49 AM
-
Can someone tell me if there are more possibilities to change the settings for the samba dc, like adding user to administrator group or similar things?
If not how can I change these settings otherwise?
-
Dungog has a contrib for user panel that will let you give a user rights to do just about everything (except join another computer to the domain)
Bob
-
Can someone tell me if there are more possibilities to change the settings for the samba dc, like adding user to administrator group or similar things?
If not how can I change these settings otherwise?
Yes, there certainly is. Do the following:
1. Create a new user group in the server-manager called "da" and add any users who you want to have domain administrator rights to this group.
2. Open a shell session and log in as root.
3. Make a custom-template dir for smb.conf: mkdir -p /etc/e-smith/templates-custom/etc/smb.conf
4. At the shell, change dirs to the custom smb.conf dir: cd /etc/e-smith/templates-custom/etc/smb.conf
5. Create a domain admins template fragment: pico 11domainAdminGroup
6. Paste the following into the pico session:
domain admin group = @da
7. Save the fragment and exit pico.
8. Expand smb.conf: /sbin/e-smith/expand-template /etc/smb.conf
9. Restart Samba: /etc/rc.d/init.d/smb restart
OK, you should now be good to go. Log out of a Windows client, then back in again. You should now have domain admin user rights on that machine.
Greg Zartman
-
6. Paste the following into the pico session:
domain admin group = @da
As of Samba 3 the "domain admin group" setting is not supported anymore: http://lists.samba.org/archive/samba/2003-September/073602.html
There is however another way to create a group of domain admins: http://lists.samba.org/archive/samba/2004-February/081076.html
1. Create a group and add the users you want to be domain administrators.
2. Get command line access and issue the following command:
net groupmap add ntgroup="Domain Admins" unixgroup=groupname
For instance, if you created a group called "admins", this would result in the following command:
net groupmap add ntgroup="Domain Admins" unixgroup=admins
You will probably need to log out of Windows and back in again for the privileges to be rolled out.
-
To see a list of all the groups:
net rpc group list --user=admin
To see the list of members of a group:
net rpc group members "Domain Admins" --user=admin
-
6. Paste the following into the pico session:
domain admin group = @da
As of Samba 3 the "domain admin group" setting is not supported anymore: http://lists.samba.org/archive/samba/2003-September/073602.html
There is however another way to create a group of domain admins: http://lists.samba.org/archive/samba/2004-February/081076.html
1. Create a group and add the users you want to be domain administrators.
2. Get command line access and issue the following command:
net groupmap add ntgroup="Domain Admins" unixgroup=groupname
For instance, if you created a group called "admins", this would result in the following command:
net groupmap add ntgroup="Domain Admins" unixgroup=admins
You will probably need to log out of Windows and back in again for the privileges to be rolled out.
It can be done even better via the server-manager:
Create a user group with any name you like but put "Domain Admins" in the group description/Windows name; this will assign this group as Domain Administrators.
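An added example, not part of any post in this thread: a small audit of the mapping described above, reporting which accounts hold "Domain Admins" through the mapped Unix group but are not on an approved list. It assumes `net groupmap list` prints lines of the form `NT name (SID) -> unixgroup`; the sample data, SIDs, user names and approved list are constructed.

```shell
#!/bin/sh
# Constructed sample of `net groupmap list` output (the SIDs are made up).
SAMPLE_GROUPMAP='Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> shared
Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> admins
Domain Guests (S-1-5-21-1111111111-2222222222-3333333333-514) -> nobody'

# Constructed sample of `getent group` output.
SAMPLE_GROUPS='shared:x:500:alice,bob,carol
admins:x:5001:alice,dave
nobody:x:99:'

# Accounts that are meant to be domain administrators (hypothetical policy).
APPROVED='alice'

# stdin: groupmap listing; $1: NT group name. Prints each Unix group mapped to it.
# The NT name is compared exactly, so "Domain Admins2" does not match.
mapped_unix_group() {
    awk -v nt="$1" '
        { sep = index($0, " -> "); paren = index($0, " (S-") }
        sep && paren && substr($0, 1, paren - 1) == nt { print substr($0, sep + 4) }'
}

# stdin: group database in getent format; $1: Unix group. One member per line.
# Note: accounts that have the group only as their primary group are not listed here.
group_members() {
    awk -F: -v g="$1" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }'
}

# $1: groupmap listing, $2: group database, $3: approved accounts (space separated).
# Prints every member of a group mapped to "Domain Admins" that is not approved.
unexpected_domain_admins() {
    printf '%s\n' "$1" | mapped_unix_group "Domain Admins" | while read -r ugroup; do
        printf '%s\n' "$2" | group_members "$ugroup" | while read -r user; do
            case " $3 " in
                *" $user "*) ;;            # on the approved list
                *) echo "$user" ;;         # holds the right without approval
            esac
        done
    done
}

# On a live server, feed real data instead of the samples:
#   unexpected_domain_admins "$(net groupmap list)" "$(getent group)" "alice"
unexpected_domain_admins "$SAMPLE_GROUPMAP" "$SAMPLE_GROUPS" "$APPROVED"
```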
-
cactus,
How does this apply to SME7?
Thanks,
-
cactus,
How does this apply to SME7?
Thanks,
Do you mean whether it also changes the admin user for the server-manager to the members of the domain admins group? Unfortunately not... I have already filed a bug (http://bugs.contribs.org/show_bug.cgi?id=1463) for that. But if you mean user rights on directories, that works pretty well: ibays that were normally owned by the admin user now seem to be owned by the domain admins group.
I have not hunted for other issues, but maybe you can adapt the httpd.conf file for the admin interface to change the
require user admin
to
require group domainadmingroup
(located in the default template /etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/90e-smithAccess20manager)
You can also change the printer admin in the samba configuration files, but I have not fully tested this (for instance installing drivers as a member of the domain admins group other than the default admin user).
As stated before, I did not test much, only a little bit on the printer admin group.
-
Dungog has a contrib for user panel that will let you give a user rights to do just about everything (except join another computer to the domain)
Bob
Does anyone know which Dungog.net contrib crazybob is referring to? I am trying to give admin privileges to a user in a very small office to a client with a 6.5 box that they will not let me upgrade.
Chris G.
-
This contrib delegates rights for users that need to access the admin panels. I'm not using Dungog's version; there's a contrib that works the same.
Snip from Dungog's site:
Delegation
To delegate panels to users on your internal network, open your server-manager > user panel access
Select a user and check the box next to the functions they are allowed to use.
You can select the global user to allow everyone to access specific panels. The userpanel-* type are designed for users, although you may not want to assign all functions. By default the change password and email forwarding are allowed for all users.
To allow access from the internet add the IP address or range to the remote access panel of the server manager.
http://www.dungog.net/sme/panels/User%20Manager%20Panel%20Access.html
-
I should have clarified that I meant Windows Admin rights (privileges)... not rights to the server-manager.
Is there any contrib or how-to to do this in SME 6.5?
Chris G.
-
I don't think there is a way to have that sort of granular control over user rights. You can, however, make them a local administrator on each machine, but if you have a lot of workstations that might be a pain.