RID

Luke Kenneth Casson Leighton lkcl at switchboard.net
Fri Feb 26 15:31:17 GMT 1999


On Fri, 26 Feb 1999, Gerald Carter wrote:

> Alexandre Lecuyer wrote:
> > 
> > in log.<machine_name> I get warnings about the RID
> > [1999/02/25 15:10:26, 0] passdb/sampass.c:getsamfile21pwent(108)
> >   trust account wstation-1$ should be in DOMAIN_GROUP_RID_USERS
> 
> This is a reminder note Luke left to himself.  It can be 
> safely ignored.
> 
> > I have problems using the local domain map (to user local admin
> <snip>
> > [1999/02/25 15:10:26, 0] passdb/sampassdb.c:pwdb_sam_map_names(535)
> >   UNIX User lefsys Primary Group is in the wrong domain! S-1-5-32-544
> 
> probably have something like
> 
> domain_group.map
> 	wheel="Domain Admins"
> 
> local_group.map
> 	wheel=Administrators
> 
> 
> Luke, can you explain again what the local group gets you if 
> you are running as a Samba PDC.  I mean as an example.
> I know what the effect is.  Rather I'm asking for a practical
> example.

argh, i don't know!  it's exactly the same as if you were using an nt
server.

the example that john gave me was if you want to move files from one
domain to another.  you make a local group the owner of the files (or
something) and then you make a domain group a member of the local group.
when you move the files to another domain you can still access the files,
and you make the _new_ domain a member of the local group in order for
the new domain users to access it.

if you make a domain group the owner of the files and you remove the
domain controller you can no longer access those files (unknown SID/rid).

the arrangement above makes sure that you can access files in the absence
of the domain controller.
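
A check for the situation Gerald guesses at above, where the same UNIX group is listed in both domain_group.map and local_group.map. This is an added example, not part of the original message and not Samba code; the map-file syntax is assumed from the two lines quoted in the thread, and the function names and the "staff" line are made up for illustration.

```python
# Added example: not Samba code. Map-file syntax is assumed from the two
# lines quoted in the thread (unix_group=NT group, value optionally quoted).

def parse_group_map(text):
    """Return {unix_group: nt_group} from map-file text."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skipping blank lines and '#'/';' comment lines is an assumption.
        if not line or line[0] in "#;":
            continue
        unix_group, sep, nt_group = line.partition("=")
        if not sep:
            continue  # not a mapping line
        mapping[unix_group.strip()] = nt_group.strip().strip('"')
    return mapping


def groups_in_both(domain_map_text, local_map_text):
    """UNIX groups mapped as both a domain group and a local group."""
    domain = parse_group_map(domain_map_text)
    local = parse_group_map(local_map_text)
    return {
        group: {"domain": domain[group], "local": local[group]}
        for group in sorted(domain.keys() & local.keys())
    }


# Constructed sample input modelled on the thread; the "staff" line is made up.
DOMAIN_GROUP_MAP = '''
wheel="Domain Admins"
staff="Domain Users"
'''
LOCAL_GROUP_MAP = '''
wheel=Administrators
'''

if __name__ == "__main__":
    hits = groups_in_both(DOMAIN_GROUP_MAP, LOCAL_GROUP_MAP)
    for group, hit in hits.items():
        print(f"{group}: domain group {hit['domain']!r}, "
              f"local group {hit['local']!r}")
```
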


