2 ns 7.6, each with user administrator both part of domain_admins but only one has full access to the ui

activedirectory

#1

2 ns 7.6, each with user administrator both part of domain_admins but only one has full access to the server manager interface.

What up with that?


#2

I checked another nsdc on another network and its administrator has full access to the server manager interface, most curious.


(Davide Principi) #3

By default administrator is disabled in ns7. Check the administrator account has not expired and is actually enabled. Try to reset its password.


#4

@davidep I wasn’t clear enough, when I said ‘full access’ I meant that on one out of 3 I’ve tried of the nsdc machines, the administrator user logs in over https using a browser as a basic user, meaning all that’s presented is the password change page, none of the other functions of the server manager, like network or users and groups or dns or dhcp etc, etc, just the password change. I went ahead and changed its password as you suggested anyway but it still logs in as a basic user.


(Davide Principi) #5

I’m sorry I didn’t understand!

Can you try with admin instead?

Please run this command and paste here its output:

 getent group "domain admins"
 id administrator

Should be domain admins with a space


#6

@davidep

[root@server7c ~]#  id administrator
uid=1318000500(administrator@mydomain.com) gid=1318000513(domain users@mydomain.com) groups=1318000513(domain users@mydomain.com),1318000519(enterprise admins@mydomain.com),1318000520(group policy creator owners@mydomain.com),1318000572(denied rodc password replication group@mydomain.com),1318000512(domain admins@mydomain.com),1318000518(schema admins@mydomain.com)
[root@server7c ~]# getent group "domain admins"
domain admins@mydomain.com:*:1318000512:administrator@mydomain.com,admin@mydomain.com

doesn’t accept admin at the NS https login, password failure… it’s the nextcloud admin and does work on the NextCloud login.


(Davide Principi) #7

The admin user of NextCloud is not the admin of NethServer: their passwords are not expected to match.


#8

omg. I completely forgot about the whole nc admin thing.

So yes, the admin user can log in with full control of the server, the administrator logs in as a user with only the password reset available, whereas on the other machine, administrator logs in with full control of the server.


(Davide Principi) #9

The game is to find the differences…

Did you change some DB settings?

 config show admins

#10

No

administrator full access

[root@server9b ~]# config show admins
admins=configuration
    group=domain admins
    user=admin

administrator password reset only

[root@server7c ~]# config show admins
admins=configuration
    group=administrators
    user=admin

(Davide Principi) #11

To fix your issue:

 config setprop admins group "domain admins"

I don’t know why you have administrators … I can’t recall if it was the original prop default value. The answer is in the git log.