[Samba] Power Users - Is it possible?

George Farris farrisg at mala.bc.ca
Thu Jul 24 20:58:30 GMT 2003


$%#@&^% I forgot to delete the profile.  It works.  Now I should be able
to make a new "Domain Power Users" group with "net groupmap add".  How
does one find a new sid or can I just increment the last number used
like so:

[root at owl profiles]# net groupmap list
System Operators (S-1-5-32-549) -> -1
Domain Guests (S-1-5-21-1135672234-1853056381-2991119365-514) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Domain Users (S-1-5-21-1135672234-1853056381-2991119365-513) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> users
Domain Admins (S-1-5-21-1135672234-1853056381-2991119365-512) -> dadmin

Since S-1-5-21-1135672234-1853056381-2991119365-514 is the last number
displayed I could use:
S-1-5-21-1135672234-1853056381-2991119365-515

Also how does one remove a mapping from a local unixgroup?  It seems
once mapped, I can only ever assign it to a new group or delete the
ntgroup and start again.


On Thu, 2003-07-24 at 13:18, Jason C. Waters wrote:
> Did you try it after deleting the profile?
> 
> George Farris wrote:
> 
> >Well interestingly enough it only works if I make pwruser (which is
> >mapped to "Domain Users") be the primary group of the user.  This is
> >confusing because with the user I have set up for a Domain Admin
> >(unixgroup dadmin) dadmin is not it's primary group.
> >
> >Any thoughts?
> >
> >On Thu, 2003-07-24 at 12:22, Felipe Alfaro Solana wrote:
> >  
> >
> >>On Thu, 2003-07-24 at 18:31, George Farris wrote:
> >>    
> >>
> >>>I have also struggled with this problem.  It seems one can map a domain
> >>>group such as Domain Admins and have it take effect on the workstation
> >>>but Power Users is, I think, a local group and it doesn't work even
> >>>though one can map a unix group to it.
> >>>
> >>>So how can one add users to a Power User group and have it take effect
> >>>like Domain Admins?
> >>>      
> >>>
> >>On Windows, the "Power Users" is a local group, that is, it's members
> >>are not stored on a domain controller, but on the local SAM of the
> >>machine. Thus, if for an specific machine you want to make all Domain
> >>Users to be Power Users, you'll need to use Windows administration tools
> >>and *manually* add the "Domain Users" global group to the "Power Users"
> >>local group of the machine.
> >>    
> >>
-- 
George Farris  farrisg at mala.bc.ca
Computer Support Cowichan.




More information about the samba mailing list