Viewing post

Samba 3, Windows 7 and Domain Admins


It’s been for several weeks that I’ve been trying (and failing) to aquire Domain Admin status on our Samba domain.

With Windows 2000 and XP, administrative access was easy.  A local admin account called “administrator”, and a local policy stating who’s an administrator – all peachy.

You can tell I’m not a Windows administrator by job!  Obviously domain admins is a far cleaner way to go.

So I dip my toe into Windows 7 on a Samba 3 domain.

It works well.  Too well.  There’s a small issue with the workstations claiming “there’s no logon servers available to handle the request” for 60+ seconds from a cold-start, but I think that’s solvable (I suspect WINS, NetBIOS or DNS is failing to warm up in a timely manner).  The domain admins however eluded me.

“So it’s OK” I think to myself.  “Login as the local administrator – set some local policies up.  …  Oh wait, Windows 7 disabled those because I joined the domain and didn’t first give them passwords.  Sheesh!  Joining the domain admin group it is then.”

Well I searched the Internet and ripped my hair out.  Week after week the issue prevailed.  Windows 7 wouldn’t obey the “Domain Admin”.  “Elevated access required.”

Finally I trip across this:

The second guy motions that “Domain Admins” must be group ID 512 (in the Windows mapping) – and blam.

One Samba restart later … all works.

Check the documentation out at … specifically you’re looking for something like this:

net groupmap add rid=512 unixgroup=MYUNIXGROUPHERE type=domain

2 Responses to “Samba 3, Windows 7 and Domain Admins”

  1. Pkv Verband Says:

    Hello my family member! I wish to say that this post is amazing, great written and include almost all important infos. I’d like to see more posts like this .

  2. Dixie Says:

    I recently uploader a fresh video clip but have difficulty traffic generation as a result.

    I will take to your marketing on youtube tips (Dixie).

Leave a Reply