[Samba] Power Users - Is it possible?

Jason C. Waters jwaters at h2os.com
Thu Jul 24 21:06:48 GMT 2003 

net groupmap modify ntgroup="Power Users" unixgroup="pwrusers"

something like that!

George Farris wrote:

>$%#@&^% I forgot to delete the profile.  It works.  Now I should be able
>to make a new "Domain Power Users" group with "net groupmap add".  How
>does one find a new sid or can I just increment the last number used
>like so:
>
>[root at owl profiles]# net groupmap list
>System Operators (S-1-5-32-549) -> -1
>Domain Guests (S-1-5-21-1135672234-1853056381-2991119365-514) -> -1
>Replicators (S-1-5-32-552) -> -1
>Guests (S-1-5-32-546) -> -1
>Power Users (S-1-5-32-547) -> -1
>Print Operators (S-1-5-32-550) -> -1
>Domain Users (S-1-5-21-1135672234-1853056381-2991119365-513) -> -1
>Administrators (S-1-5-32-544) -> -1
>Account Operators (S-1-5-32-548) -> -1
>Backup Operators (S-1-5-32-551) -> -1
>Users (S-1-5-32-545) -> users
>Domain Admins (S-1-5-21-1135672234-1853056381-2991119365-512) -> dadmin
>
>Since S-1-5-21-1135672234-1853056381-2991119365-514 is the last number
>displayed I could use:
>S-1-5-21-1135672234-1853056381-2991119365-515
>
>Also how does one remove a mapping from a local unixgroup?  It seems
>once mapped, I can only ever assign it to a new group or delete the
>ntgroup and start again.
>
>
>On Thu, 2003-07-24 at 13:18, Jason C. Waters wrote:
>  
>
>>Did you try it after deleting the profile?
>>
>>George Farris wrote:
>>
>>    
>>
>>>Well interestingly enough it only works if I make pwruser (which is
>>>mapped to "Domain Users") be the primary group of the user.  This is
>>>confusing because with the user I have set up for a Domain Admin
>>>(unixgroup dadmin) dadmin is not it's primary group.
>>>
>>>Any thoughts?
>>>
>>>On Thu, 2003-07-24 at 12:22, Felipe Alfaro Solana wrote:
>>> 
>>>
>>>      
>>>
>>>>On Thu, 2003-07-24 at 18:31, George Farris wrote:
>>>>   
>>>>
>>>>        
>>>>
>>>>>I have also struggled with this problem.  It seems one can map a domain
>>>>>group such as Domain Admins and have it take effect on the workstation
>>>>>but Power Users is, I think, a local group and it doesn't work even
>>>>>though one can map a unix group to it.
>>>>>
>>>>>So how can one add users to a Power User group and have it take effect
>>>>>like Domain Admins?
>>>>>     
>>>>>
>>>>>          
>>>>>
>>>>On Windows, the "Power Users" is a local group, that is, it's members
>>>>are not stored on a domain controller, but on the local SAM of the
>>>>machine. Thus, if for an specific machine you want to make all Domain
>>>>Users to be Power Users, you'll need to use Windows administration tools
>>>>and *manually* add the "Domain Users" global group to the "Power Users"
>>>>local group of the machine.
>>>>   
>>>>
>>>>        
>>>>

More information about the samba mailing list