On Thu, 11 Sep 2003, Antoine Jacoutot wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Thursday 11 September 2003 22:47, John H Terpstra wrote: > > Please explain precisely what you mean. What exact steps are you > > following? > > OK, I created 1 user, 1 computer and several groups. > One group is called domainadmins. I did a 'net groupmad add' to map it to > SID-512 (Windows Domain admins group). > My user's primarygroupID is SID-2001. > I added my user to domainadmins, which made me believe it then would be > considered as a Windows Domain administrator... but it does not work. However > it does work if instead if I set my user's primarygroupID to SID-512. > So my question is: can I have admin rights if my primarygroupID is not > domainadmins (supposing I'm part of domainadmins as I'm part of other groups > too).
The NT Group, Domain Admins, must have the well known RID=512 otherwise it is not seen by the Windows client as the Domain Admins group. PS: The Domain SID + the RID = the user SID. > Is it clearer ? (I'm sorry, English is not my first language) PS: English is not my first language either. Additionally, most who claim to speak English don't either! :) > For information, I'm running FreeBSD-5.1+LDAP+samba-3.0RC3 > > Thanks. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
