Beast beast at setuid.com
Mon Aug 4 03:20:45 GMT 2003

Monday, August 4, 2003, 1:53:43 AM, paul wrote:

> Beast wrote:
>> Sorry for putting the subject in all caps, but at least I get your
>> attention right now :-)
>> I just want to ask 1 (one) question to anybody here.
>> Did you ever try samba 3.0b3 and have the 'domain admins' global group
>> working on a Win2000 client?
> YES!!

> hope that helps ;)

It helped me a lot, because I thought the groupmap was just cosmetic in
this release and still not usable :-)
Glad to see that it works; it gives me confidence to try it more.

May I know how you do it?

This is my environment:
RH9, samba 3.0b3, openldap 2.1.21
All accounts are in LDAP.

[root at potato root]# net groupmap list
Domain Admins (S-1-5-21-2897595519-3619093474-3625347041-512) -> root
[root at potato root]# getent passwd |grep administrator
[root at potato root]# getent group |grep administrator
[root at potato root]# pdbedit -Lv administrator
Unix username:        administrator
NT username:          administrator
Account Flags:        [U          ]
User SID:             S-1-5-21-2897595519-3619093474-3625347041-1000
Primary Group SID:    S-1-5-21-2897595519-3619093474-3625347041-1001
Full Name:            Administrator
Home Directory:
HomeDir Drive:
Logon Script:         logon.bat
Profile Path:
Domain:               DJKT
Account desc:

With admin uid 0, I can use admin to add machine trust, but when I log in,
the w2k client cannot recognize it as domain admin (i.e. cannot change the IP
address on the client machine, etc.)


