Luke Kenneth Casson Leighton
lkcl at switchboard.net
Fri Feb 26 15:31:17 GMT 1999
On Fri, 26 Feb 1999, Gerald Carter wrote:
> Alexandre Lecuyer wrote:
> > in log.<machine_name> I get warnings about the RID
> > [1999/02/25 15:10:26, 0] passdb/sampass.c:getsamfile21pwent(108)
> > trust account wstation-1$ should be in DOMAIN_GROUP_RID_USERS
> This is a reminder note Luke left to himself. It can be
> safely ignored.
> > I have problems using the local domain map (to user local admin
> > [1999/02/25 15:10:26, 0] passdb/sampassdb.c:pwdb_sam_map_names(535)
> > UNIX User lefsys Primary Group is in the wrong domain! S-1-5-32-544
> probably have something like
> wheel="Domain Admins"
> Luke, can you explain again what the local group gets you if
> you are running as a Samba PDC. I mean as an example.
> I know what the affect. Rather I'm asking for a practical
argh, i don't know! it's exactly the same as if you were using an nt
the example that john gave me was if you want to move files from one
domain to another. you make a local group the owner of the files (or
something) and then you make a domain group a member of the local group.
when you move the files to another domain you can still access the files,
and you make the _new_ domain a member of the local group in order for
the new domain users to access it.
if you make a domain group the owner of the files and you remove the
domain controller you can no longer access those files (unknown SID/rid).
the arrangement above makes sure that you can access files in the absence
of the domain controller.
More information about the samba-ntdom