[Samba] What makes an account is DOMAIN ADMINISTRATOR?
Beast
beast at setuid.com
Fri Jul 25 08:58:57 GMT 2003
Friday, July 25, 2003, 2:58:54 PM, Alex wrote:
> Look into the command 'net groupmap', here is where it lies.
> for example net groupmap add unixgroup=domainadmins ntgroup="Domain Admins"
> type=domain
> this will ´map your local group domainadmins to Domain Admins, so that
> windows understands it.
> If you already have groupmaps set up but no groups map to them use net
> groupmap modify.
This is my initial map from fresh install :
[root at potato root]# net groupmap list
System Operators (S-1-5-32-549) -> -1
Domain Users (S-1-5-21-682855339-941891451-1873685625-513) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Guests (S-1-5-21-682855339-941891451-1873685625-514) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Admins (S-1-5-21-682855339-941891451-1873685625-512) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
I have root user in smbpasswd and not put his group to
"Administrators" or "Domain Admins" but why it able to add machine
trust from Win2k client? any explanation?
Tks.
--beast
More information about the samba
mailing list