LookupAccountSid and trust relationship
Hazen Valliant-Saunders
hazen at potentia.ca
Thu Dec 14 21:50:08 GMT 2000
OK:
Heres what i've heard via the grape vine:
Your trust relationship issue is a major problem with 2_2 (I know I'm having
the same one)
However the admin users and groups are not defineable. Ie; domain admin
group = @admin but for some reason does not work with NT5 (W2K anything!) or
barely works at all. but is a tad more functional with NT4 as for the
domain admin user = root well good question. Perhaps someone form the samba
2.2.0 dev team can awnser that. I've heard (In this maillist) that there
are a lot of compatibility issues with w2k.
Hope it helps
-----Original Message-----
From: samba-ntdom-admin at us5.samba.org
[mailto:samba-ntdom-admin at us5.samba.org]On Behalf Of Torsten Curdt
Sent: Thursday, December 14, 2000 3:40 AM
To: samba-ntdom at us5.samba.org
Subject: LookupAccountSid and trust relationship
Something seems to be wrong with our/the W2k<->Samba 2.2.0 CVS
trust relationsship!
1. Our domain admins has almost no rights to do anything!
2. I cannot grant rights to the "domain users" group
(how is the domain users group defined?)
I'm somehow lost but tried to track this down:
In our smb.conf we have "domain admin users = root"
and no "domain admin group"
I now logged in as DFF\root (=domain admin) and executed
"gpresult" from the W2k resource kit. This is what I get:
###############################################################
User Group Policy results for:
DFF\root
Domain Name: DFF
Domain Type: Windows NT v4
Roaming profile: \\mogh\profiles\root
Local profile: C:\Dokumente und Einstellungen\root.DFF
The user is a member of the following security groups:
LookupAccountSid failed with 1789.
\Jeder
VORDEFINIERT\Benutzer
LookupAccountSid failed with 1789.
\LOKAL
NT-AUTORIT-T\INTERAKTIV
NT-AUTORIT-T\Authentifizierte Benutzer
###############################################################
Last time Group Policy was applied: Mittwoch, 13. Dezember 2000 at 15:33:09
###############################################################
Computer Group Policy results for:
DFF\SHODAN$
Domain Name: DFF
Domain Type: Windows NT v4
The computer is a member of the following security groups:
VORDEFINIERT\Administratoren
\Jeder
NT-AUTORIT-T\Authentifizierte Benutzer
###############################################################
Seems like the machine is fully accepted but not the user
so gets only really limited access.
Can someone with more insight comment on this, please ;-)
--
Torsten
More information about the samba-ntdom
mailing list