group mapping and 3.0 pre21

John H Terpstra jht at
Fri Jan 3 18:57:00 GMT 2003

On Fri, 3 Jan 2003, Bradley W. Langhorst wrote:

> On Fri, 2003-01-03 at 08:52, grobe at wrote:
> > Hi!
> >
> > I finally got the group mapping with smbgroupedit work fine here. The
> > problem was that I had to fix the group type of my windows-groups on the samba-pdc.
> > When I did a smbgroupedit -v -l, I got some groups with group type = unknow.
> > With smbgroupedit -c (mygroup) -t d or -t l I made them local or domain
> > groups. Now I can see and use them on the client.
> >
> > The next issue here is how to get my "domain users" into the "power users"
> > on all my clients. I really don't want to do a "net localgroup" on all 100
> > client machines... But this is a Windows problem, not a samba problem.
> >
> since you're using samba3
> you can simply add all your power_users to a new unix group,
> map that unix group to a new domain group,
> and add the new domain group to the local power_users group on
> the workstations
> it's not a big deal for me to do that because i can just roll out a new
> system image with the correct group memberships...
> if you can't do that you might try to figure out a way to make a logon
> script that does what you want (i'm not sure that's possible)

Yep! It is! Using a Policy File! Create it using the MS Windows NT Group
Policy Editor. Put it (the NTConfig.POL) file in the root of your NETLOGON
share. It gets loaded by the client automatically at domain logon time.

Oh: PS: You need to create a policy editor template that includes the
option to add an account to a local machine account.

- John T.
John H Terpstra
Email: jht at

More information about the samba-technical mailing list