[Samba] What makes an account is DOMAIN ADMINISTRATOR?

[Beast]

Friday, July 25, 2003, 3:58:57 PM, Beast wrote:

> Friday, July 25, 2003, 2:58:54 PM, Alex wrote:

>> Look into the command 'net groupmap', here is where it lies.

>> for example net groupmap add unixgroup=domainadmins ntgroup="Domain Admins"
>> type=domain

>> this will ´map your local group domainadmins to Domain Admins, so that
>> windows understands it.
>> If you already have groupmaps set up but no groups map to them use net
>> groupmap modify.

> This is my initial map from fresh install :
> [root at potato root]# net groupmap list
> System Operators (S-1-5-32-549) -> -1
> Domain Users (S-1-5-21-682855339-941891451-1873685625-513) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> Domain Guests (S-1-5-21-682855339-941891451-1873685625-514) -> -1
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Account Operators (S-1-5-32-548) -> -1
> Domain Admins (S-1-5-21-682855339-941891451-1873685625-512) -> -1
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1

> I have root user in smbpasswd and not put his group to
> "Administrators" or "Domain Admins" but why it able to add machine
> trust from Win2k client? any explanation?

> Tks.

Another problem :(

I create ordinary unix user, put in smbadmin unix group.

  smbadmin:x:999:beast

I create machine trust account (in unix and smbpasswd)
  [root at potato root]# pdbedit -L
  beast:500:
  trg02$:501:

  
I map "smbadmin" to "Domain Admins" ntgroup :

  Domain Admins (S-1-5-21-682855339-941891451-1873685625-512) -> smbadmin

>From Win2000, I can not joint this client to domain with user "beast", it says : Login
failure: unknown username or bad password.
(FYI, I can login using beast on Win98 client, so no pb in
username/password)

So, what is exactly requirement for Domain admins?????





--beast