FINALLY ....[WAS Re: [Samba] Re: DID ANYBODY HERE...
Beast
beast at setuid.com
Tue Aug 5 09:30:33 GMT 2003
Tuesday, August 5, 2003, 8:33:07 AM, paul wrote:
> 1. Change the "Primary Group SID" of your Administator to the SID of the
> "Domain Admins" global group.
Well, to make it clear for everyone else, Requirements for domain
administator is you MUST set its group RID to 512.
No matter you have "Domain Admins" groupmapping or not.
To make user able to add machine to domain, (unix) uid and gid must be
0 no matter it belongs to nt domain admin or not at all.
This should be written in documentation, otherwise it will confuse
anybody.
well, i spent a whole week fight with this problem, however it 'just'
beta so it's my fault anyway to use beta sw.
However samba3 seems promissing, Tks samba team!
> 2. Add something like "memberUID: Administrator" to the corresponding
> UNIX group of your "Domain Admins" group.
This will not work.
"Domain Admins" group is still ok as long as you set GRID to 512.
--beast
More information about the samba
mailing list