[Samba] joining samba pdc groups to local w2k groups

[dave w capella]

On Sun, 31 Mar 2002, Georg Lutz wrote:

>Hi,
>
>I installed 2.2.3a with LDAP-Sam on Redhat 7.2 .
>
>Joining w2k-clients to the PDC "ERCAG" and authenticatung users via ldap works.
>
>But I am not able to join Domain-Users and Domain-Admins to the local
>w2k admin and user-groups.

I couldn't tell you how many hours I've wasted on this... I've been
living with it on NT4 and Win2k; redat 7.0, 7.1, 7.2;
samba 2.1, 2.2.2, 2.2.3a. I even got rid of NIS and md5 - no go.

>When I view the current members of w2k local groups I only get the
>groupname "ERCAG\unix_group.214783404". When I try to add additional

hm, even the number matches.

>groups from PDC I see only user-accounts and one group: "Domain Admins",
>but I am not able to join the "Domain-Admin"-group.

i just use the local admin to join the domain's root account (root on the
server). really don't like to, but it works.

>The error message is something like "not able to join to local group,
>the member does not exist"(German w2k).

i get a variety of errors, depending on whether i'm in a control panel,
a file perm's dialog, joining a box to the domain, etc.

>>From what I understand, "Domain Admins"-group should be handled
>internally by samba.
>
>So what is wrong here?

i have a small network, so a 'shared' admin account has worked for me.
using roaming profiles, and putting the local 'Authenticated Users' into
the 'Power Users' group has kept everything running. i just keep hitting the
'ok' button through all the warnings. not ideal, but at least folks are
working while i do more research. perhaps it'll buy you some time, too.

...dave
-- 
   ~~~~ ____  |   It's kind of fun to do the impossible.- Disney  |
  Y_,___|[]|  |  dave.capella at cornell.edu ~ www.bscb.cornell.edu  |
 {|_|_|_|__|,_|_____dave_w_capella____BSCB____Cornell_University__|
//oo---OO=OO     OO     OO         OO      OO        OO       OO