LookupAccountSid and trust relationship

Hazen Valliant-Saunders hazen at potentia.ca
Thu Dec 14 21:50:08 GMT 2000 

OK:
Heres what i've heard via the grape vine:
Your trust relationship issue is a major problem with 2_2 (I know I'm having
the same one)
However the admin users and groups are not defineable. Ie; domain admin
group = @admin but for some reason does not work with NT5 (W2K anything!) or
barely works at all.  but is a tad more functional with NT4 as for the
domain admin user = root well good question.  Perhaps someone form the samba
2.2.0 dev team can awnser that.  I've heard (In this maillist) that there
are a lot of compatibility issues with w2k.



Hope it helps




-----Original Message-----
From: samba-ntdom-admin at us5.samba.org
[mailto:samba-ntdom-admin at us5.samba.org]On Behalf Of Torsten Curdt
Sent: Thursday, December 14, 2000 3:40 AM
To: samba-ntdom at us5.samba.org
Subject: LookupAccountSid and trust relationship


Something seems to be wrong with our/the W2k<->Samba 2.2.0 CVS
trust relationsship!

1. Our domain admins has almost no rights to do anything!
2. I cannot grant rights to the "domain users" group
   (how is the domain users group defined?)

I'm somehow lost but tried to track this down:

In our smb.conf we have "domain admin users = root"
and no "domain admin group"

I now logged in as DFF\root (=domain admin) and executed
"gpresult" from the W2k resource kit. This is what I get:

###############################################################
  User Group Policy results for:
  DFF\root
  Domain Name:          DFF
  Domain Type:          Windows NT v4
  Roaming profile:      \\mogh\profiles\root
  Local profile:        C:\Dokumente und Einstellungen\root.DFF
  The user is a member of the following security groups:
LookupAccountSid failed with 1789.
        \Jeder
        VORDEFINIERT\Benutzer
LookupAccountSid failed with 1789.
        \LOKAL
        NT-AUTORIT-T\INTERAKTIV
        NT-AUTORIT-T\Authentifizierte Benutzer
###############################################################
Last time Group Policy was applied: Mittwoch, 13. Dezember 2000 at 15:33:09
###############################################################
  Computer Group Policy results for:
  DFF\SHODAN$
  Domain Name:          DFF
  Domain Type:          Windows NT v4
  The computer is a member of the following security groups:
        VORDEFINIERT\Administratoren
        \Jeder
        NT-AUTORIT-T\Authentifizierte Benutzer
###############################################################

Seems like the machine is fully accepted but not the user
so gets only really limited access.

Can someone with more insight comment on this, please ;-)
--
Torsten

More information about the samba-ntdom mailing list