domain group and local group API needed
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Fri Oct 30 17:40:41 GMT 1998
On Fri, 30 Oct 1998, Dirk De Wachter wrote:
> > long, involved, important response.
> >
> > On Fri, 30 Oct 1998, Kyle McDonald wrote:
> (and much deleted...)
> >
> > > I think (and I might be wrong) that you can't have a local
> > > users or group with the same name as a domain user or group -
> >
> > absolutely correct. the namespace must be unique, in a particular
> > SAM/Domain, across
> >
> > - users
> > - local groups
> > - domain groups
> >
> > i just tried it out: i tried adding a group with the same name as a
> > user, the same name as a local group etc etc: it failed.
> NT allows us to have a WKSTA\Administrator and PDC\Administrator
> account which are definitely different. The former can only
> administrate the local workstation, while the latter is responsible
> for the complete DOMAIN.
correct: they have totally different SIDs, one each for WKSTAT and another
for PDC, therefore they are totally different: thank you for clarifying
this point, which i forgot to mention.
try, however, adding a group named "Administrator" to PDC or WKSTA
domains: you will find that it fails.
More information about the samba-ntdom
mailing list