Firstly I apologise for the length of this query but I am hoping that if I document everything I did someone might respond / be able to help.
My Configuration is Samba 3.0.2a as a PDC on Redhat 8. I cannot for the life of me get the "Domain Admins" functionality to work I am hoping that another set of eyes can shed some light on this problem as I have now spent 41 hrs googling / reading samba docs / configuring samba and linux. I am using the tdbsam backend [global] ---snip---- domain master = yes local master = yes preferred master = yes domain logons = yes passdb backend = tdbsam ---snip---- I have the following unix groups: GrpName GID ======== ==== ntadmins 702 users 100 mikey 700 administrator 703 I have the following users: UsrName GID Primary Group Groups ======== ==== ============ ======================= mikey 600 ntadmins users,root,mikey administrator 603 ntadmins users,root,admnistrator I have used Pdbedit to add user 'mike' and 'administrator' to the trivial database [EMAIL PROTECTED] root]# pdbedit -L -v -u mikey Unix username: mikey NT username: Account Flags: [U ] User SID: S-1-5-21-4105664934-1074514724-3375437219-2200 Primary Group SID: S-1-5-21-4105664934-1074514724-3375437219-1201 Full Name: Mike Young Home Directory: \\juan\mikey HomeDir Drive: H: Logon Script: logon.bat Profile Path: \\juan\profiles\mikey\0.0.0.0 Domain: E-MAGE ---snip---- [EMAIL PROTECTED] root]# pdbedit -L -v -u administrator Unix username: administrator NT username: Account Flags: [U ] User SID: S-1-5-21-4105664934-1074514724-3375437219-2206 Primary Group SID: S-1-5-21-4105664934-1074514724-3375437219-702 Full Name: wrkgrp domain administrator Home Directory: \\juan\administrator HomeDir Drive: H: Logon Script: logon.bat Profile Path: \\juan\profiles\administrator\0.0.0.0 Domain: E-MAGE ---snip---- I have used net groupmap to add the unix groups 'USERS','NOBODY','NTADMINS' net groupmap add unixgroup=nobody ntgroup="Domain Guests" net groupmap add unixgroup=ntadmins ntgroup="Domain Admins" net groupmap add unixgroup=users ntgroup="Domain Users" I have used net groupmap to MAP the unix groups 'USERS','NOBODY','NTADMINS' to the NT groups net groupmap modify ntgroup="Domain Guests" UNIXgroup=nobody net groupmap modify ntgroup="Domain Admins" UNIXgroup=nobody net groupmap modify ntgroup="Domain Users" UNIXgroup=nobody When I do a net groupmap list I get:- [EMAIL PROTECTED] root]# net groupmap list System Operators (S-1-5-32-549) -> -1 Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Domain Admins (S-1-5-21-4105664934-1074514724-3375437219-2405) -> ntadmins Domain Users (S-1-5-21-4105664934-1074514724-3375437219-1201) -> users Domain Guests (S-1-5-21-4105664934-1074514724-3375437219-1199) -> nobody Domain Admins (S-1-5-21-4105664934-1074514724-3375437219-512) -> ntadmins Domain Guests (S-1-5-21-4105664934-1074514724-3375437219-514) -> nobody Domain Users (S-1-5-21-1097365102-1206842487-1930028900-513) -> users Power Users (S-1-5-32-547) -> -1 Print Operators (S-1-5-32-550) -> -1 Domain Admins (S-1-5-21-50666885-4256340010-4152097897-702) -> ntadmins Administrators (S-1-5-32-544) -> -1 Account Operators (S-1-5-32-548) -> -1 Domain Admins (S-1-5-21-50666885-4256340010-4152097897-512) -> -1 Domain Admins (S-1-5-21-1097365102-1206842487-1930028900-512) -> -1 Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> -1 Domain Guests (S-1-5-21-1097365102-1206842487-1930028900-514) -> -1 Domain Users (S-1-5-21-4105664934-1074514724-3375437219-513) -> -1 I then created the appropriate machine accounts through unix I then log on to a win2k or XP workstation as a local administrator and join the domain as user 'ROOT' and using the user management tool I add my DomainName\Domain Admins group to the local administrators group. I then re-logon to the win2k or XP workstation as the domain user either (mike or administrator. These both logon successfuly but are NOT Domain Admins or Administrators of the workstation -Why? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
