Hi there,
I'm running into interesting problem with win2k client system joining PDC on Samba.
PDC (called DOMAIN) configured with "domain admin group = @dadmins" and client is able
to successfully join the domain.
Let assume that we're logging in to win2k called COMPUTER as member of the @dadmins.
Now,
lets open Computer Management -> Local Users and Groups -> Groups -> Administrators
The entries will be (this is an example):
Administrator (this is local account)
DOMAIN\unix_group.2147483404
As far as I understand, record unix_group.[blah-blah] represents @dadmins and shows
absence of unix <-> windows groups translation (my guess is this is should be Domain
Admins,
as a native Windows group).
However, if the second entry somehow removed (intruder, mistake, etc.) the user is
unable to
login: his username/password will be accepted and then he will have continuously
restarted
explorer. Moreover, if user removed from domain admins group, he is unable to login at
all (I
assume that this is problem of permissions conflict -- he had full control and no he
has limited
control, but profile still keeps full control setting).
Here is another problem: if you're deleting this DOMAIN entry, you can't create it
again:
Windows doesn't know anything about unix_group.2147483404. It has Domain Admins, but if
you try to add it, client will respond with error -- "no such group".
Any comments/suggestion how to fix this?
--ivan
