Domain Administration Rights
donbrearley at hcc.mnscu.edu
Mon Aug 2 20:26:44 GMT 2004
I currently am running a Samba 3.0.5 based PDC on FreeBSD 5.2.1
I have all my users seperated into "department" groups.. (eg: hr, it, etc)
In samba 2.x.x I was able to specify multiple groups
in the "Domain Admin" global configuration setting.
eg: (domain admin group = @hr, @it, @services)
However, in Samba 3.x.x I have to use the "net groupmap" command
to modify the NT group "Domain Admins" to point to a unix group.
My problem is, I used to have each department group running with Domain
Admin privileges, and now I can only specify one group, and it is causing
a few problems with my users. I need to be able to specify multiple
groups as "Domain Admins"
Can anyone provide any insight into how I may fix this problem? FreeBSD
does not allow for "groups of groups" so that is not an option.
I know I can go to each machine and modify local security settings on
each PC to belong to a new "Domain Admins" group, but there are nearly 1000
machines on my network :)
Thanks for any help!
- Don Brearley
HCC Computer Services
More information about the samba-technical