Looks good so far, make sure your "Administrator" is a member of your "Domain Admin" group. I'm not sure about how samba checks that, but there are only two possible ways to do it I can think of right now.

It helped me a lot, because I thought the groupmap was just cosmetic in this release and still not usable :-) Glad to see that it works; it gives me confidence to try harder.
May I know how you do it?
This is my environment: RH9, samba 3.0b3, openldap 2.1.21. All accounts are on ldap.
[EMAIL PROTECTED] root]# net groupmap list
Domain Admins (S-1-5-21-2897595519-3619093474-3625347041-512) -> root
[EMAIL PROTECTED] root]# getent passwd |grep administrator
administrator:x:0:0:Administrator:/home/administrator:/sbin/nologin
[EMAIL PROTECTED] root]# getent group |grep administrator
administrator:x:0:
[EMAIL PROTECTED] root]# pdbedit -Lv administrator
Unix username: administrator
NT username: administrator
Account Flags: [U ]
User SID: S-1-5-21-2897595519-3619093474-3625347041-1000
Primary Group SID: S-1-5-21-2897595519-3619093474-3625347041-1001
Full Name: Administrator
Home Directory:
HomeDir Drive:
Logon Script: logon.bat
Profile Path:
Domain: DJKT
Account desc: ...
With admin uid 0, I can use admin to add machine trust, but when logging in, the w2k client does not recognize it as domain admin (i.e. cannot change the IP address on the client machine etc.)

1. Change the "Primary Group SID" of your Administrator to the SID of the "Domain Admins" global group.
2. Add something like "memberUID: Administrator" to the corresponding UNIX group of your "Domain Admins" group.
good luck Paul
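
The two conditions suggested above can be checked from the command output quoted in this thread. The following is an added example, not part of the original messages: it parses the `net groupmap list` and `pdbedit -Lv` output shown above, plus a constructed `getent group` line for the mapped Unix group `root` (the thread does not show that entry), and reports whether either condition holds.

```python
import re

# Output copied from the message above (pdbedit fields trimmed to those used).
GROUPMAP = "Domain Admins (S-1-5-21-2897595519-3619093474-3625347041-512) -> root"
PDBEDIT = """\
Unix username: administrator
User SID: S-1-5-21-2897595519-3619093474-3625347041-1000
Primary Group SID: S-1-5-21-2897595519-3619093474-3625347041-1001
"""
# Constructed sample: the thread does not show the "root" group entry.
GETENT_GROUP = "root:x:0:root\nadministrator:x:0:\n"

def parse_groupmap(text):
    """Map NT group name -> (SID, Unix group) from `net groupmap list` output."""
    mapping = {}
    for m in re.finditer(r"^(.+?) \((S-[\d-]+)\) -> (\S+)$", text, re.M):
        mapping[m.group(1)] = (m.group(2), m.group(3))
    return mapping

def parse_pdbedit(text):
    """Turn the 'Field: value' lines of `pdbedit -Lv` into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def unix_group_members(getent_text, group):
    """Return the explicit member list of one group from `getent group` output."""
    for line in getent_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 4 and parts[0] == group:
            return [name for name in parts[3].split(",") if name]
    return []

def check_domain_admin(groupmap, pdbedit, getent_group, nt_group="Domain Admins"):
    """Evaluate both suggestions for one account against the mapped NT group."""
    sid, unix_group = parse_groupmap(groupmap)[nt_group]
    account = parse_pdbedit(pdbedit)
    members = unix_group_members(getent_group, unix_group)
    return {
        "primary_group_sid_matches": account["Primary Group SID"] == sid,
        "listed_in_unix_group": account["Unix username"] in members,
    }

if __name__ == "__main__":
    print(check_domain_admin(GROUPMAP, PDBEDIT, GETENT_GROUP))
```

With the values quoted in the thread, both checks come back false: the account's Primary Group SID ends in -1001 rather than -512, and `administrator` is not listed as a member of the mapped Unix group.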
