Hi jo here again ( Mr. FINALLY ) I think indeed this also applies to me, if i do 'getent group' i get
[EMAIL PROTECTED] var]# tail -f log.winbindd [2003/08/05 11:48:14, 0] nsswitch/winbindd_group.c:winbindd_getgrent(640) could not lookup domain group Domain Admins [2003/08/05 11:48:14, 0] nsswitch/winbindd_group.c:winbindd_getgrent(640) could not lookup domain group Domain Users and [EMAIL PROTECTED] root]# winbindd -d 1 -i winbindd version 2.2.8a started. Copyright The Samba Team 2000-2001 Added domain MYGROUP (S-1-5-21-2381868111-1096633346-2653114510) getting trusted domain list could not lookup membership for group rid 512 in domain MYGROUP could not lookup domain group Domain Admins could not lookup membership for group rid 513 in domain MYGROUP could not lookup domain group Domain Users so I guess it is exactly what you describe... however I do not find the pdbedit tool, I am using samba 2.2.8a maybe that's why? Where are groups stored then? AFAIK pdbedit is a generic way to edit the SAM in samba 3.0 since there it can be in ldap, a file, ... but in samba 2.2.8a should groups be in /etc/samba/smbpasswd file then? I only have three users in there : root, jo and client$ machine account... how come wbinfo -g finds the groups ?!?!?! Should I have an account admininstrator in smbpasswd or can you also add machines with root account? Thanks Jo On Tue, 5 Aug 2003 16:30:33 +0700 Beast wrote: > Tuesday, August 5, 2003, 8:33:07 AM, paul wrote: > > > 1. Change the "Primary Group SID" of your Administator to the SID of the > > "Domain Admins" global group. > > Well, to make it clear for everyone else, Requirements for domain > administator is you MUST set its group RID to 512. > No matter you have "Domain Admins" groupmapping or not. > > To make user able to add machine to domain, (unix) uid and gid must be > 0 no matter it belongs to nt domain admin or not at all. > > This should be written in documentation, otherwise it will confuse > anybody. > > well, i spent a whole week fight with this problem, however it 'just' > beta so it's my fault anyway to use beta sw. > > However samba3 seems promissing, Tks samba team! > > > > 2. Add something like "memberUID: Administrator" to the corresponding > > UNIX group of your "Domain Admins" group. > > This will not work. > "Domain Admins" group is still ok as long as you set GRID to 512. > > > > --beast > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba NEOlabs - http://www.neolabs.be - mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
