Golden Butler wrote:
Hi,
I'm trying to set up one of my users to be a domain admin. I have
unix/ldap group called "domainadm" with "user1" a member of the group.
When I run "net groupmap list" I get the following:
Domain Admins (S-1-5-21-186220259-3826000728-3192352269-7033) -> domainadm
But when I go to log in to the domain with "user1" on a winxp machine,
the user isn't able to make administrative changes to the computer.
Is there something I'm doing wrong?
- Delamatrix
SLES9-SP3
Samba 3.0.20b
Openldap
I think you may need to check the rid you have used for the Domain
Admins group. According to
http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html
this is one of the well known rids which must be maintained for correct
functioning of the NT groups systems. You have a rid of 7033 and I think
it should be 512.
Neil
--
email: [EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
