Luke Kenneth Casson Leighton lkcl at switchboard.net
Fri Feb 26 15:31:17 GMT 1999

On Fri, 26 Feb 1999, Gerald Carter wrote:

> Alexandre Lecuyer wrote:
> > 
> > in log.<machine_name> I get  warnings about the RID
> > [1999/02/25 15:10:26, 0] passdb/sampass.c:getsamfile21pwent(108)
> >   trust account wstation-1$ should be in DOMAIN_GROUP_RID_USERS
> This is a reminder note Luke left to himself.  It can be 
> safely ignored.
> > I have problems using the local domain map (to user local admin
> <snip>
> > [1999/02/25 15:10:26, 0] passdb/sampassdb.c:pwdb_sam_map_names(535)
> >   UNIX User lefsys Primary Group is in the wrong domain! S-1-5-32-544
> probably have something like
> domain_group.map
> 	wheel="Domain Admins"
> local_group.map
> 	wheel=Adminstrators
> Luke, can you explain again what the local group gets you if 
> you are running as a Samba PDC.  I mean as an example.
> I know what the affect.  Rather I'm asking for a practical
> example.

argh, i don't know!  it's exactly the same as if you were using an nt

the example that john gave me was if you want to move files from one
domain to another.  you make a local group the owner of the files (or
something) and then you make a domain group a member of the local group.
when you move the files to another domain you can still access the files,
and you make the _new_ domain a member of the local group in order for
the new domain users to access it.

if you make a domain group the owner of the files and you remove the
domain controller you can no longer access those files (unknown SID/rid).

the arrangement above makes sure that you can access files in the absence
of the domain controller.

More information about the samba-ntdom mailing list