[Samba] - Win2k local groups and domain groups on linux PDC

[Yannick Tousignant]

It appear to me that LDAP groups are not considerate like
valid domain group for Windows NT/2000. This is why,
and please correct me if i'm wrong, it is not possible
to do such thing.

Yannick

  -----Original Message-----
  From: Matt Lung [mailto:mattl at midwest-tool.com]
  Sent: Thursday, May 23, 2002 2:39 PM
  To: Yannick Tousignant
  Subject: Re: [Samba] - Win2k local groups and domain groups on linux PDC


  I am using only linux servers.  How can I make the groups on the linux
server appear in windows so i can add them to like Power Users group or a
group on windows?

  matt



  ----- Original Message -----
    From: Yannick Tousignant
    To: Matt Lung
    Cc: samba at lists.samba.org
    Sent: Thursday, May 23, 2002 12:54 PM
    Subject: RE: [Samba] - Win2k local groups and domain groups on linux PDC



    In Samba release 2.2.2, only 2 groups are dealed for Microsoft Windows
workstations: Domain

    Admins and Domain Users. All other groups are considered Local Unix
Group. That's

    mean that a Samba user will only be Domain user or Domain Admin. If you
only use Samba

    servers, there will be no problem, but if you plan to use Microsoft
Windows NT member server

    using groups, just forget about it...



    Cut/Paste of  --> The SAMBA-LDAP-PDC Howto Revision : 1:14

    Hope this help...

    Yannick



     -----Original Message-----
    From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]On
Behalf Of Matt Lung
    Sent: Thursday, May 23, 2002 11:53 AM
    To: samba at lists.samba.org
    Subject: [Samba] - Win2k local groups and domain groups on linux PDC



      I am currently running Samba 2.2.4 on a RH 7.1 box acting as a PDC
with two Win2k test clients attaching to it.  Users authenticate to the PDC
via an LDAP server running on the PDC and that works ok.  I can also join
the domain with no problems.  What I am trying to accomplish is to have a
domain user or better yet a group of domain users, be able to log into the
win2k box and have the linux domain group they belong to be able to be part
of one of the Win2k local groups so they can have administrative privileges
right off the bat without having to add several domain users to a win2k
local group.

      What I've encountered is that when I edit the Administrators local
group or any other group on the win2k box and want to add a domain group
such as @admin, none of the domain groups even show up in the list.  It only
lists domain users.  So my question is.... is there anyway to get the groups
to populate in this list also????  Sure would be nice.

      If anyone can help me out with fixing this or somewhat pointing me in
the right direction I would really appreciate it.

      thanks.

      Matt Lung
-------------- next part --------------
HTML attachment scrubbed and removed