We just went over this in depth on this list, please check the archives from the last two weeks, search for power user.
On Wed, 2003-07-30 at 18:35, Boogerman wrote: > Hello everyone! > > I've been testing the 3.0 beta 3 (I've just upgraded from 2.2.7), and made a > PDC configuration with Windows XP Pro clients. Everything works fine, > however, I'm fine tuning the NT and Unix group mapping; in particular, I > want to map the Unix group 'users' to the NT group 'Power Users'. > > I've tried: > net groupmap modify ntgroup="Power Users" unixgroup=users > with no success. > If I do, however > net groupmap modify ntgroup="Domain Admins" unixgroup=users > users are granted admin privileges > > I've read the groupmapping chapter of the howto collection > (http://us1.samba.org/samba/devel/docs/html/Samba-HOWTO-Collection.html#grou > pmapping) and still got no clue (If anyone can point me to a more detailed > document by all means do so). > > Here's my `net groupmap list`: > > System Operators (S-1-5-32-549) -> -1 > Domain Admins (S-1-5-21-1734957725-2317673715-2873464621-512) -> -1 > Replicators (S-1-5-32-552) -> -1 > Guests (S-1-5-32-546) -> -1 > Domain Guests (S-1-5-21-1734957725-2317673715-2873464621-514) -> -1 > Power Users (S-1-5-32-547) -> users > Print Operators (S-1-5-32-550) -> -1 > Administrators (S-1-5-32-544) -> -1 > Domain Users (S-1-5-21-1734957725-2317673715-2873464621-513) -> -1 > Account Operators (S-1-5-32-548) -> -1 > Backup Operators (S-1-5-32-551) -> -1 > Users (S-1-5-32-545) -> -1 > > And my smb.conf: > > [global] > netbios name = Natsumi > server string = Linux Server > workgroup = BoogerSoft > passdb backend = smbpasswd > > hosts allow = 192.168.0. 127.0.0.1 > > ;act as domain and master browser > os level = 64 > preferred master = yes > domain master = yes > local master = yes > > security = user > > encrypt passwords = yes > > domain logons = yes > > ;if this causes problems change it to \\%N\profile\%U > logon path = \\%N\%U\profile > logon drive = H: > > ;for win9x clients > ;logon home = \\%N\%U\profile > > ;logon script, relative to the [netlogon] share > logon script = logon.cmd > > ;neither of these seem to work with 3.0 > ;client code page = 850 > ;character set = ISO8859-1 > > [netlogon] > comment = Network Logon Service > path = /usr/local/samba/lib/netlogon > read only = yes > write list = ntadmin > > [homes] > comment = Home Directories > browseable = no > writable = yes > create mask = 0600 > directory mask = 0700 > > And I am getting this in log.smbd when I do the "Power User" thing: > [2003/07/30 21:25:53, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon(710) > _net_sam_logon: user BOOGERSOFT\boogerman has user sid > S-1-5-21-1734957725-2317673715-2873464621-3000 > but group sid S-1-5-32-547. > The conflicting domain portions are not supported for NETLOGON calls > > And also this: > [2003/07/30 21:33:43, 0] rpc_server/srv_util.c:get_domain_user_groups(362) > get_domain_user_groups: primary gid of user [boogerman] is not a Domain > group! > get_domain_user_groups: You should fix it, NT doesn't like that > > (I don't fully understand the messages, so any explanations will be > appreciated) > > Well, that's too much, probably I got everything missconfigured (hey, after > all, it's my first PDC with 3.0). I hope someone will be able to help me > figure this one out... -- George Farris [EMAIL PROTECTED] Computer Support Cowichan. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
