----- Original Message ----- From: "edd payne" <[EMAIL PROTECTED]> To: "Jonathan Baker-Bates TMS" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, March 09, 2004 12:40 PM Subject: Re: [Samba] Samba 3 - domain admins (not root)? <snip> > > > > However, I still can't get my user "jbb" to be a domain admin. I'm mapping > > the "smbadmins" group to the NT "Domain Admins" entity like this: > > > > net groupmap add ntgroup="Domain Admins" unixgroup=smbadmins > > > > and it says it created the mapping successfully, but when I log onto the > > domain with that account, it doesn't have admin rights. I can see the > > mapping with: > > > > # net groupmap list ntgroup="Domain Admins" > > Domain Admins (S-1-5-21-3040818230-2349230895-2714690390-3009) -> smbadmins > > > > and in /etc/group I have smbadmins:x:1004:jbb > > > > I'm not sure what I'm doing wrong. > > you need to use net groupmap modify rather than net groupmap add. the domain > admins group should have an SID (the S- number) ending in 512 if it is the > real "Domain Admins" group. delete the mapping you put in and then repeat the > net groupmap command but use: > > net groupmap modify ntgroup="Domain Admins" unixgroup=smbadmins > > Then when you do net groupmap list you should get: > > Domain Admins (S-1-5-21-3040818230-2349230895-2714603090-512) -> smbadmins > > and it should work > > you also need to "modify" groups such as Domain Users, Domain Guests, Backup > Operators etc. > > edd >
Ahhh. Thanks Edd. That's working fine now. I should have guessed when I did that net groupmap list thar something wasn't right. Jonathan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
