> -----Original Message----- > From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED]
> |>IMHO groupmapping doesnt fill that hole, because whatever > groupmap entry > |>doesn't give admin rights on LDAP. > > You're thinking about this from the wrong perspective. > The 'domain admin group' from 3.0 was a limited way to > handle group mapping. Instead of being a smb.conf parameter, > the domain admin group is now a mapping between the domain > admins SID and a unix gid. The check will be pretty much > the same. We'll just make the domain admin sid against > the current user's NT_TOKEN. > > | Honestly said, the parameter "domain admin group" should come back. > | Some say it isn't necessary. > > No. I can fix this just using the group mapping > entry for "Domain Admins". We'll fix it post 3.0.0. This LDAP access check for group mapping entry for "Domain Admins" is a good idea and I'm glad to hear, that solution is coming. After some time, but hopefully it comes... rgds, - Rauno Tuul - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
