[Samba] WinXP registry problems on SMB PDC


David Buechler

Jul 15, 2004, 21:30:08
Hi all,

I recently moved off of an ancient NT4 PDC to a SMB PDC running Samba
3.0.4-1 on a RH9 box. I had absolutely no troubles joining the domain, and
other than a few login quirks every now and again, it is stable.

I am, however, experiencing what I believe to be a permissions issue with
the user profiles... my own, included. I am unable to make registry changes,
most notably with regards to Norton Antivirus. All users are currently in a
group mapped to Domain Admins, as most of the profiles had difficulties loading
without it... After a long weekend of profile copying, I figured that I'd
cross that bridge later. Regedit gives me a message, "Error opening key" while
navigating to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec.

I'm almost certain it's a permissions problem, but I have been unable to
locate the source of the problem. Any help you could offer would be greatly
appreciated.

Thanks,
David A. Buechler
IT Manager,
Vision Computers, Inc.
http://www.visionman.com

Group Mappings:

System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Users (S-1-5-21-2725352828-4089093468-4083013522-513) -> users
Power Users (S-1-5-32-547) -> power
Domain Power Users (S-1-5-21-2725352828-4089093468-4083013522-515) -> power
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> localadmins
Account Operators (S-1-5-32-548) -> -1
Domain Admins (S-1-5-21-2725352828-4089093468-4083013522-512) -> domainadmins
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
Domain Guests (S-1-5-21-2725352828-4089093468-4083013522-514) -> nobody



Michael Lueck

Jul 15, 2004, 21:40:06
Have you checked to see what your effective permissions are on the workstation? A good way to do this is with the M$ ISMember utility with the /list option. I ran into issues making group mapping work properly.

I ended up creating four groups in /etc/group which would cover what permissions I want users to have when they log into Windows within the Windows OS. Then created four groups in Samba and mapped between those Samba groups and the groups I had created in /etc/group. I kept them the same name in both places for sanity. I also limited them to 8 chars max.

Finally I did net localgroup commands on the workstations, removing the two that get added when you join the domain - local administrators to domain admins, and local users to domain users... as
domain and local permissions are different in my book and one should not assume a 1:1 relationship there. Anyway, added my four new domain groups to the four main local groups (Admin, Power User,
User, Guest) and baddabing-baddaboom I can manage local Windows permissions from /etc/group.

--
Michael Lueck
Lueck Data Systems

Remove the upper case letters NOSPAM to contact me directly.
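
An added example, not part of any post in this thread: a small audit of a group-mapping listing in the format David posted, flagging NT groups with no Unix group, several NT groups sharing one Unix group, and domain groups whose RID belongs to a different well-known group. The sample SIDs are constructed placeholders, and reading `-1` as "no Unix group mapped" is an assumption about the listing.

```python
import re
from collections import defaultdict

# Well-known domain-relative RIDs defined by Microsoft.
WELL_KNOWN_RIDS = {512: "Domain Admins", 513: "Domain Users",
                   514: "Domain Guests", 515: "Domain Computers"}
BUILTIN_PREFIX = "S-1-5-32-"
LINE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-[\d-]+)\) -> (?P<unix>\S+)$")

# Constructed sample in the format of the listing in this thread;
# the domain SID digits are placeholders, not a real domain.
SAMPLE = """\
Guests (S-1-5-32-546) -> -1
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> users
Power Users (S-1-5-32-547) -> power
Domain Power Users (S-1-5-21-1111111111-2222222222-3333333333-515) -> power
Administrators (S-1-5-32-544) -> localadmins
Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> domainadmins
"""

def parse(text):
    """Return a list of (nt_group, sid, unix_group) tuples."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rows.append((m["nt"], m["sid"], m["unix"]))
    return rows

def audit(rows):
    """Return sorted (finding, detail) pairs for mappings worth reviewing."""
    findings, by_unix = [], defaultdict(list)
    for nt, sid, unix in rows:
        rid = int(sid.rsplit("-", 1)[1])
        if unix == "-1":  # assumption: -1 means no Unix group is mapped
            findings.append(("unmapped", nt))
            continue
        by_unix[unix].append(nt)
        expected = WELL_KNOWN_RIDS.get(rid)
        if not sid.startswith(BUILTIN_PREFIX) and expected and expected != nt:
            findings.append(("rid-name-mismatch", f"{nt}: RID {rid} is {expected}"))
    for unix, nts in by_unix.items():
        if len(nts) > 1:  # one Unix group backing several NT groups
            findings.append(("shared-unix-group", f"{unix}: {', '.join(nts)}"))
    return sorted(findings)

if __name__ == "__main__":
    for kind, detail in audit(parse(SAMPLE)):
        print(f"{kind:18} {detail}")
```
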

Lewis Shobbrook

Jul 16, 2004, 01:00:11
Hi David,

> I recently moved off of an ancient NT4 PDC to a SMB PDC
> running Samba 3.0.4-1 on a RH9 box. I had absolutely no
> troubles joining the domain, and other than a few login
> quirks every now and again, it is stable.
>
> I am, however, experiencing what I believe to be a
> permissions issue with the user profiles... my own, included.
> I am unable to make registry changes, most notably with
> regards to Norton Antivirus. All users are currently in a
> group mapped to Domain Admins, as most of the profiles had
> difficulties loading without it... After a long weekend of
> profile copying, I figured that I'd cross that bridge later.
> Regedit gives me a message, "Error opening key" while
> navigating to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec.
>
> I'm almost certain it's a permissions problem, but I
> have been unable to locate the source of the problem. Any
> help you could offer would be greatly appreciated.

I have had a client who recently installed Symantec NAV 2004 on machines
running XP SP1a; the Samba PDC is 3.0.4-2 on Debian unstable. (Not that
I think Samba is the issue here.)
The 2004 live-updates eventually killed the machines to the point where
they needed to be reinstalled (less work to do it that way anyway). NAV
would repeatedly complain of a corrupt registry and ask for the product to
be re-installed. In the building I work in, Symantec have their
local state office on the top floor. I overheard a conversation in the
lift, in the week following the initial release of 2004, words
describing in effect what eventually happened at my client's site.
No doubt my clients no longer have NAV 2004. And BTW I had advised them
against installing NAV 2004, but somehow they missed it.
2003 was no issue...
I suspect this may be where your problems are coming from.

Cheers,

Lewis Shobbrook
