LookupAccountSid and trust relationship
Torsten Curdt
tcurdt at dff.st
Thu Dec 14 19:04:05 GMT 2000
> I have similar problem. What I noticed, (i think it's documented
> in a .txt
> file somwhere in the CVS tree) is that the win2K system does not consider
> Domain Admins to be a member of the Administrators group. And
> It's not the
> same group. Administrators is the local system adminsitrators
> group. Since
> samba doesn't support trusts yet, you can not add the Domain Admins group,
> or the domain user, to the administrators group on your win2k system; this
> function requires trusts to communicate the exchange of rights/perms).
I just tried the following:
domain admin user = root
domain admin group = @root
Which gave me now Administrator rights on the each local machine!!
But still gives me the LookupAccountSid error!
User Group Policy results for:
DFF\root
Domain Name: DFF
Domain Type: Windows NT v4
Roaming profile: \\mogh\profiles\root
Local profile: C:\Dokumente und Einstellungen\root.DFF
The user is a member of the following security groups:
LookupAccountSid failed with 1789.
\Jeder
VORDEFINIERT\Benutzer
VORDEFINIERT\Administratoren <---- YES!!!
LookupAccountSid failed with 1789.
LookupAccountSid failed with 1789.
\LOKAL
NT-AUTORIT-T\INTERAKTIV
NT-AUTORIT-T\Authentifizierte Benutzer
--
Torsten
More information about the samba-ntdom
mailing list