In article <[EMAIL PROTECTED]>, Trey Nolen wrote: > I have a new Debian testing machine running the Debian Samba 3.0.5. > Everything seems OK except that I cannot get users to have domain admin > rights. I have Windows XP workstations. The workstations join and log > onto the domain fine. > > A "net groupmap list" yields: > > server:/home/tnolen# net groupmap list > System Operators (S-1-5-32-549) -> -1 > Replicators (S-1-5-32-552) -> -1 > Guests (S-1-5-32-546) -> -1 > Domain Users (S-1-5-21-3876029557-4061927837-2224609541-513) -> users > Power Users (S-1-5-32-547) -> -1 > Print Operators (S-1-5-32-550) -> -1 > Administrators (S-1-5-32-544) -> domadm > Domain Admins (S-1-5-21-3876029557-4061927837-2224609541-512) -> domadm > Account Operators (S-1-5-32-548) -> -1 > Domain Guests (S-1-5-21-3876029557-4061927837-2224609541-514) -> nogroup > Backup Operators (S-1-5-32-551) -> -1 > Users (S-1-5-32-545) -> -1 > > My user, for example, is in the domadm group: > server:/home/tnolen# groups tnolen > tnolen : users domadm > > I have tried several combinations of group mappings but all yield the > same result. Basically, the user is just a regular user. >
Have you tried: net getlocalsid SID for domain DOMAIN is: S-1-5-21-3876029557-4061927837-2224609541, ie. the SIDs should match. If they don't: 1. Stop samba 2. Delete "group_mapping.tdb" 3. Start samba 4. net groupmap modify ntgroup="Domain Admins" unixgroup=domadm etc. This should make a fresh group_mapping.tdb with correct SIDs. Hope this helps. Regards, Sten Sletbak Oslo University College -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
