Need help with domain groups.

Larry McElderry larry at
Tue Jun 29 14:12:22 GMT 1999


Good luck on getting an answer to this.  I've posted the very same question
on this list twice and never received a response.  Here's what I've been
able to discern through trial and error:

The groups don't appear to work properly in 2.0.4.  You'll probably need to
download the latest CVS branch (see ntdom FAQ).  With the alpha version
there's a config comand called "domain group map" (domain admins appears to
be deprecated). Here's the config I've been using:
workgroup = CAT
    server string = TC Server (%h)
    encrypt passwords = Yes
    null passwords = Yes
    syslog only = Yes
    name resolve order = hosts dns
    socket options = TCP_NODELAY
    domain group map = /etc/
    builtin group map = /etc/smbbuiltin
    domain user map = /etc/smbnames
    logon script = netlog.bat
    logon drive = z:
    domain logons = Yes
    preferred master = True
    domain master = True
    local master = True
    preload = lp
    admin users = larry
    printing = sysv
    print command = lpr -r -P %p %s
    lppause command = lp -i %p-%j -H hold
    lpresume command = lp -i %p-%j -H resume
    queuepause command = lpc stop %p
    queueresume command = lpc start %p
    map archive = No
    security = user
    wins support = yes

My domain group map = /etc/ looks like this:

adm="Domain Admins"  # don't know what this is for
dpdev   Administrators

Unfortunately,  this doesn't really work as I expected.  When I can logon
from an NT workstation,  I don't get administrator rights.  When I view my
user setttings with User Manager for Domains,  there are actually 2
Administrator groups - one local to my machine and one for the domain.
Since I'm a member of dpdev on the linux box,  the group mapping shows me as
a member of administators in the CAT domain.  Nonetheless,  no admin rights
on my PC (very frustrating).

Worse yet, lately, I've been unable to logon at all,  even though I haven't
changed the setup.  Now I get a message saying "You could be logged in
(C0000087) see your sys admin".  I haven't been able to find any reference
to that number anywhere.

Realizing this probably isn't much help to you,  perhaps someone with actual
knowledge of these mappings and file formats will be inspired to respond.

There is also the
    builtin group map = /etc/smbbuiltin
paramater.  I was wondering if this is to map local workstation groups to
linux groups.  I couldn't find any doc on this,  nor have I been able to
discern exactly what it does.

Larry McElderry
> -----Original Message-----
> From: samba-ntdom at [mailto:samba-ntdom at]On Behalf Of
> Adam Herbert
> Sent: Tuesday, June 29, 1999 12:31 AM
> To: Multiple recipients of list
> Subject: Need help with domain groups.
> I've had trouble with finding information on setting up domain groups in
> samba. I'm running 2.0.4b, and I've played a little with the domain admin
> group setting but not much progress. What I'm trying to accomplish is, I
> have a NT Workstation I'm connecting to my samba server but I
> still want to
> be a Administrator. Any help would be appreciated.
> Thanks,
> Adam Herbert

More information about the samba-ntdom mailing list