Hello, i am actually working on samba 3.0rc2 (with OpenLDAP) and i have problems joigning a workstation to the domain. With samba 2.2, a user could be in the NT "Domain Admins" group if he was a member of the unix group that has a gid=512. This user could then join any windows workstation with his account. How can we do this now with samba 3.0 ? When i tried to create a mapping group with the following command $ net groupmap add ntgroup="Domain Admins" unixgroup=ntadmin i can see that modifications are ok (modifications are done in the directory) : > [EMAIL PROTECTED] samba]# net groupmap list > Domain Admins (S-1-5-21-2164124757-1843210704-924125028-3001) -> ntadmin but any member of the "ntadmin" group can't make a workstation joigning the +domain; only a user that has an uid=0 can (or a user called root). Is this a feature or not ? Does this is planed to be modified or not ? I have the same question for printer administrators. I map the unix group printadm as this: $ net groupmap add ntgroup="Print Operators" unixgroup=printadm $ net groupmap list > Domain Admins (S-1-5-21-1332624008-131130509-4129472247-3001) -> admin1 > Domain Admins (S-1-5-21-1332624008-131130509-4129472247-2025) -> admin2 > Print Operators (S-1-5-21-1332624008-131130509-4129472247-3003) -> printadm and add the directive in smb.conf: > printer admin = @printadm but any member member of the unix group printadm can't add a samba printer. Did i forgot something ? btw, do we need to have a sambaSID for the ntadmin group to end with "-512", or is does not matter (i suppose that it does not matter, but i prefer to be sur) ? Thanks for any precisions.
-- J�r�me -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
