Win2K Groups, Samba 2.2 Alpha, Broadcasts

Scott Merrill smerrill at svfc.org
Thu Mar 1 16:34:20 GMT 2001 

ITEM #1
-------
I've finally managed to get my Windows 2000 servers into my Samba controlled
domain - I tried several recent CVS snapshots, but none seemed to work.  I
ended up using the snapshot from 02-17-2001, and that _finally_ worked!

I've created a Linux group called "admins" and my /etc/smb.conf contains the
line "domain admin group = @admins".  Several users are members of this
admins group.

Now I'd like to add the Domain Admins group to the local Administrators
group on each of the Windows 2000 servers.  I log on to a Win2K server as
the local administrator and navigate Computer Management to Users and
Groups.  I double click the Administrators group, click Add, and then select
my domain from the drop down list.  When prompted, I supply the root
username and password, and am presented with a list of domain users.

At the very end of this list is "Domain Admins".  I click that, then click
Add.  After a short delay, I'm taken back to the group members listing for
the local Administrators group.  If I click Apply or OK at this point, I
receive an error that the trust relationship between the Windows 2000 server
and the domain has failed.  I am unable to add the Domain Admins group to
the local Administrators group.

I _am_ able to add individual domain user accounts to the local
Administrators group; but not with any regularity: sometimes it works, and
sometimes it presents the error about the trust relationship.

Any ideas why this doesn't work?

Also, any ideas why I don't see ANY of my Linux groups in the drop down list
on the Windows 2000 server?  If this is an unfinished feature, that's fine:
I'd just like to know about it!

ITEM #2
-------
My Windows 2000 servers are transmitting a fair bit of traffic on ports 88
(kerberos) and 445 (microsoft-ds).  I haven't implemented kerberos, and I
thought that the Win2K servers would be operating in Legacy mode with the
Samba domain controller.  Is there an easy way to disable these
transmissions?


Cheers,
Scott

More information about the samba-ntdom mailing list