[Samba] can't add "Domain Users" group to local "Power Users" group

Louis-David Mitterrand vindex at apartia.org
Sun Oct 13 16:18:01 GMT 2002


If I need some "Domain Users" to have local "Power Users" privileges
what is the best way?

- convert the local Power Users group to a domain group on the PDC with
  "smbgroupedit -c<...> -td"

  Not really knowing the consequence of that change I refrained from
  doing it. It seems (from searching on Google) that "Power Users" is
  only a local group; would that simple step solve my problem?

- add the "Domain Users" group to the local "Power Users" group on each
  client: this seems the recommended practice, however it doesn't work.
  When trying I get a msgbox with:
  "Information returned from the object picker for objet 'Domain Users'
  was incomplete. The object will no be processed."

  On the PDC log.smbd displays an ominous message:

	[2002/10/13 18:10:27, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(431) ldapsam_search_one_user: searching for:[(&(uid=Domain Users)(objectclass=samba
	[2002/10/13 18:10:27, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(94) _samr_open_group: ACCESS DENIED  (requested: 0x0000004e)

This is on debian unstable with samba 3.0 alpha and ldapsam.


    THESEE: Je t'aimais ; et je sens que malgré ton offense,
            Mes entrailles pour toi se troublent par avance.
                                          (Phèdre, J-B Racine, acte 4, scène 3)

More information about the samba mailing list