I think that most of my problems are somewhat resolved except for this last one. I can not get domain admin rights to the ntadmins users. I get the following output for groupmaps:
[EMAIL PROTECTED] i386]# net groupmap list System Operators (S-1-5-32-549) -> -1 Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Domain Users (S-1-5-21-4130613172-3879250231-1853402206-513) -> users Domain Guests (S-1-5-21-3168668608-3928139368-1822977481-514) -> -1 Domain Admins (S-1-5-21-3168668608-3928139368-1822977481-512) -> -1 Domain Guests (S-1-5-21-1206063004-3966108128-1487570950-514) -> -1 Power Users (S-1-5-32-547) -> -1 Print Operators (S-1-5-32-550) -> -1 Administrators (S-1-5-32-544) -> -1 Account Operators (S-1-5-32-548) -> -1 Domain Admins (S-1-5-21-4130613172-3879250231-1853402206-512) -> ntadmins Domain Users (S-1-5-21-1206063004-3966108128-1487570950-513) -> -1 Domain Users (S-1-5-21-3168668608-3928139368-1822977481-513) -> -1 Domain Guests (S-1-5-21-4130613172-3879250231-1853402206-514) -> -1 Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> -1 Obviously there is a problem with the domain '*' SID because there are duplicates. Any idea how to correct this problem and get the users logged in with admin rights. I have RH EN v.3 and samba 3.0.0-14.3E from RH. I can see the users from the samba server and the users can log in, but no rights. Big problem. Now... I migrated from 2.2.3a to the above and I have all the tdb and I cahnged the SID to the last PDC. Anyway, how would I get the right SID? I have NTUSER.DAT files that I can run profiles against to read them. Would that help? First one that can point me in the right direction to get this resolved - I'll buy them a amazon gift cert for $50. Beats going bald from pulling out my hair. Andy Judge -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
