Check the GID of your Domain Admins group. It should end with "512" and should be mapped to a UNIX group which have a GID of the same value. If it's anything else, that can be a reason why your admin users actually don't have administrator rights on the client machines.
Run the following command to see how your group mappings look like: net groupmap list You should see the number 512 at the end of the Domain Admins SID. After you have verified, that your Domain Admins group has the appropriate SID, check the UID and GID of an administrative user, for example: id administrator You should see "gid=512" in the output of the command. Regards Gergely Kiss 2008/7/22 Jeroen Vriesman <[EMAIL PROTECTED]>: > Hi list, > > after upgrading our ldap server, the Domain Admins group doesn't work > anymore. > > Members of the domain admins group don't have any special rights on the > workstations (for example, they cannot even change the date of a machine in > the > domain anymore). > > When I lookup the group members I get: > > [EMAIL PROTECTED]:/etc/samba# net rpc group members 'Domain Admins' > Password: > HIVOS.NL\root > HIVOS.NL\foctaaf > HIVOS.NL\lhilarides > HIVOS.NL\administrator > HIVOS.NL\executor > HIVOS.NL\fbodijn > HIVOS.NL\psomer > HIVOS.NL\jvriesman > > And the rights of the group: > [EMAIL PROTECTED]:/etc/samba# net rpc rights list 'Domain Admins' > Password: > SeMachineAccountPrivilege > SeRemoteShutdownPrivilege > SePrintOperatorPrivilege > SeAddUsersPrivilege > SeDiskOperatorPrivilege > > That seems ok, but when I lookup the rights of a member of the Domain > Admins > group: > > [EMAIL PROTECTED]:/etc/samba# net rpc rights list 'HIVOS.NL\jvriesman' > Password: > SeAddUsersPrivilege > > [EMAIL PROTECTED]:/etc/samba# net rpc rights list 'HIVOS.NL\psomer' > Password: > <nothing here> > > Any idea why members of the Domain Admin group do not get the rights of the > group? > > cheers, > Jeroen. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
