Also, Is it necessary to group map groups you're using in samba? For example: ntgroup "marketing" --> unix group "marketing" ntgroup "sales" --> unix group "sales" What are pros and cons to doing this, or is it optional? -- Delamatrix _____
From: Neil Muller [mailto:[EMAIL PROTECTED] To: Golden Butler [mailto:[EMAIL PROTECTED] Cc: Samba Mailing List [mailto:[EMAIL PROTECTED] Sent: Wed, 24 May 2006 19:22:48 -0500 Subject: Re: [Samba] Domain Admins Golden Butler wrote: > Hi, > > I'm trying to set up one of my users to be a domain admin. I have > unix/ldap group called "domainadm" with "user1" a member of the group. > When I run "net groupmap list" I get the following: > > Domain Admins (S-1-5-21-186220259-3826000728-3192352269-7033) -> domainadm > > But when I go to log in to the domain with "user1" on a winxp machine, > the user isn't able to make administrative changes to the computer. > > Is there something I'm doing wrong? > > - Delamatrix > > SLES9-SP3 > Samba 3.0.20b > Openldap > I think you may need to check the rid you have used for the Domain Admins group. According to http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html this is one of the well known rids which must be maintained for correct functioning of the NT groups systems. You have a rid of 7033 and I think it should be 512. Neil -- email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
