domain users map?

David Bannon D.Bannon at
Tue Dec 22 21:44:29 GMT 1998

At 02:42 AM 23/12/1998 +1100, Matthew Kirkwood wrote:
>I have a domain set up and working quite nicely now, but I need to
>give a couple of users admin rights (mostly so that they can write
>files on their local disks, share printers, etc).

As I said in another post, this is on its way to the FAQ, I'm sure Jerry
will do it as soon as he can.

How do I make a Domain Administrator now that the experimental "domain
admin group = X" parameter has been replaced in 2.1 ?

Simplest Version :

Choose a suitable UNIX group, for example the group "adm".

In smb.conf : 
	domain group map = /usr/local/samba/lib/

In the file /usr/local/samba/lib/ :
	adm="Domain Admins"

In /etc/group, put any user you want to be a "Domain Admin" in the group

These users will have Domain Admin rights on the workstations and will, for
example, have Domain Admins policy rules (ie permissions) applied to them.
They can take the workstation out of a domain, remove or edit profiles on
the machine etc.

You can do much more (if you understand differences between local and
domain admins), to create local administrators :
Choose a suitable unix group, for example "wheel".

local group map = /usr/local/samba/lib/
In the file /usr/local/samba/lib/ put :

domain user map = /usr/local/samba/lib/
In the file /usr/local/samba/lib/ put :

Then run :
	smbpasswd -a root
and tell it your root password.

Then in /etc/group, any users that you want to be local administrators must
be in the group "wheel".



David Bannon                      D.Bannon at
School of Biochemistry            Phone 61 03 9479 2197
La Trobe University, Plenty Rd,   Fax   61 03 9479 2467
Bundoora, Vic, Australia, 3083
..... Humpty Dumpty was pushed !

More information about the samba-ntdom mailing list