I agree, I have no idea how else to accomplish this, any help from the samba community is welcome.
On Fri, 2003-07-25 at 11:07, St�phane Purnelle wrote: > Hi, > > Imagine a network with 150 computers connected to a Samba PDC. > I don't want to set each machine that a "Domain Power Users" group is a > member of Local Power Users. > > Anyone can crarify the situation ? > > A PDC which cannot send a information that a user is a member of a > "Power Users" group is not valuable. Whan I think user member of a > Power Users Group, I translate a responsable user can have the > autorization for install software for example. > > > > > > > On Fri, 2003-07-25 at 17:15, George Farris wrote: > > My solution was to create a "Domain Power Users" group with net group > > map and assign an domain sid to it. I just incremented the highest sid > > in the group list, for example: > > > > net group map shows: > > System Operators (S-1-5-32-549) -> -1 > > Domain Guests (S-1-5-21-1135672234-1853056381-2991119365-514) -> -1 > > Replicators (S-1-5-32-552) -> -1 > > Guests (S-1-5-32-546) -> -1 > > Power Users (S-1-5-32-547) -> -1 > > Print Operators (S-1-5-32-550) -> -1 > > Domain Users (S-1-5-21-1135672234-1853056381-2991119365-513) -> -1 > > Administrators (S-1-5-32-544) -> -1 > > Account Operators (S-1-5-32-548) -> -1 > > Backup Operators (S-1-5-32-551) -> -1 > > Users (S-1-5-32-545) -> users > > Domain Admins (S-1-5-21-1135672234-1853056381-2991119365-512) -> dadmin > > > > Since S-1-5-21-1135672234-1853056381-2991119365-514 is the last number > > displayed I could use: S-1-5-21-1135672234-1853056381-2991119365-515 > > > > so > > > > "net groupmap add sid=S-1-5-21-1135672234-1853056381-2991119365-515 > > ntgroup="Domain Power Users" unixgroup=pwruser" > > > > will create the group. I then went to the workstation and added "Domain > > Power Users" to the local "Power Users" group. Now anyone being a > > member of pwruser is automatically a Power User on the workstation. > > > > > > Thanks for all your help samba list, I appreciate it. This is what > > makes open source so valuable. > > > > On Fri, 2003-07-25 at 03:32, Felipe Alfaro Solana wrote: > > > On Fri, 2003-07-25 at 12:17, Beast wrote: > > > > Friday, July 25, 2003, 5:09:31 PM, Felipe wrote: > > > > > > > > > On Fri, 2003-07-25 at 11:54, Beast wrote: > > > > >> > If Samba is acting as a domain controller (PDC), then it will only > > > > >> > mantain global groups. Local groups are only available on workstations > > > > >> > and member servers. > > > > >> > > > > >> This is incorrect. > > > > >> This is my smb.conf (Its PDC) : > > > > > > > > > Well, local groups do exist in domain controllers, but they are shared > > > > Yes :=) > > > > > > > > > between domain controllers exclusively. That is, a domain workstation > > > > > does have its own "Power Users" local group, which is totally different > > > > > from the "Power Users" local group of the domain controllers. > > > > > > > > That's why it called "Local" :=) > > > > > > I just wanted to clarify on this as I think there are people out there > > > that are adding users to the "Power Users" group of the domain hoping > > > that they will automatically become members of the "Power Users" local > > > group of their Windows workstations, and this won't work. > > -- > > George Farris [EMAIL PROTECTED] > > Computer Support Cowichan. -- George Farris [EMAIL PROTECTED] Computer Support Cowichan. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
