> Hmmm... > > Well, it's fine for Windows to have a group called "Domain Admins" but > you need to have Unix groups where these can be mapped. > > For example, my PDC returns the following: > > Domain Admins (S-1-5-21-71265413-2685657396-3953940223-512) -> root > Domain Users (S-1-5-21-71265413-2685657396-3953940223-513) -> users > Domain Guests (S-1-5-21-71265413-2685657396-3953940223-514) -> nobody > > You didn't mention (or I missed) what you're using for the password > backend (e.g. smbpasswd, tdbsam or ldapsam) but you need to ensure that > you have Unix groups. In John Terpstra's excellent "Samba-3 by Example" > he uses a script to do that, with the following commands: > > net groupmap modify ntgroup="Domain Admins" unixgroup=root > net groupmap modify ntgroup="Domain Users" unixgroup=users > net groupmap modify ntgroup="Domain Guests" unixgroup=nobody > > You may want to ensure that you really do have groups called "Domain > Admins", "Domain Guests" and "Domain Computers", keeping in mind that > spaces in user/group names in Unix isn't recommended. > > Barry > hmm, my PDC based on smbpasswd return nothing when net groupmap list. but ldap based PDC returns the same as zdennis's
-- Regards, Dariusz Dwornikowski Network Administrator Cognifide Poland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
