zdennis wrote: > Domain Admins (S-1-5-21-3040749549-2843134544-1782940832-512) -> Domain Admins > Domain Users (S-1-5-21-3040749549-2843134544-1782940832-513) -> Domain Users > Domain Guests (S-1-5-21-3040749549-2843134544-1782940832-514) -> Domain Guests > Domain Computers (S-1-5-21-3040749549-2843134544-1782940832-515) -> Domain > Computers > Administrators (S-1-5-32-544) -> Administrators > Account Operators (S-1-5-32-548) -> Account Operators > Print Operators (S-1-5-32-550) -> Print Operators > Backup Operators (S-1-5-32-551) -> Backup Operators > Replicators (S-1-5-32-552) -> Replicators
Hmmm... Well, it's fine for Windows to have a group called "Domain Admins" but you need to have Unix groups where these can be mapped. For example, my PDC returns the following: Domain Admins (S-1-5-21-71265413-2685657396-3953940223-512) -> root Domain Users (S-1-5-21-71265413-2685657396-3953940223-513) -> users Domain Guests (S-1-5-21-71265413-2685657396-3953940223-514) -> nobody You didn't mention (or I missed) what you're using for the password backend (e.g. smbpasswd, tdbsam or ldapsam) but you need to ensure that you have Unix groups. In John Terpstra's excellent "Samba-3 by Example" he uses a script to do that, with the following commands: net groupmap modify ntgroup="Domain Admins" unixgroup=root net groupmap modify ntgroup="Domain Users" unixgroup=users net groupmap modify ntgroup="Domain Guests" unixgroup=nobody You may want to ensure that you really do have groups called "Domain Admins", "Domain Guests" and "Domain Computers", keeping in mind that spaces in user/group names in Unix isn't recommended. Barry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
