[Samba] What makes an account is DOMAIN ADMINISTRATOR?
Beast
beast at setuid.com
Fri Jul 25 10:14:52 GMT 2003
Friday, July 25, 2003, 3:58:57 PM, Beast wrote:
> Friday, July 25, 2003, 2:58:54 PM, Alex wrote:
>> Look into the command 'net groupmap', here is where it lies.
>> for example net groupmap add unixgroup=domainadmins ntgroup="Domain Admins"
>> type=domain
>> this will map your local group domainadmins to Domain Admins, so that
>> windows understands it.
>> If you already have groupmaps set up but no groups map to them use net
>> groupmap modify.
> This is my initial map from a fresh install:
> [root@potato root]# net groupmap list
> System Operators (S-1-5-32-549) -> -1
> Domain Users (S-1-5-21-682855339-941891451-1873685625-513) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> Domain Guests (S-1-5-21-682855339-941891451-1873685625-514) -> -1
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Account Operators (S-1-5-32-548) -> -1
> Domain Admins (S-1-5-21-682855339-941891451-1873685625-512) -> -1
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1
> I have the root user in smbpasswd and have not put his group in
> "Administrators" or "Domain Admins", but why is it able to add a machine
> trust from a Win2k client? Any explanation?
> Thanks.
Another problem :(
I create an ordinary unix user and put it in the smbadmin unix group.
smbadmin:x:999:beast
I create a machine trust account (in unix and smbpasswd)
[root@potato root]# pdbedit -L
beast:500:
trg02$:501:
I map "smbadmin" to the "Domain Admins" ntgroup:
Domain Admins (S-1-5-21-682855339-941891451-1873685625-512) -> smbadmin
From Win2000, I cannot join this client to the domain with user "beast"; it says: Login
failure: unknown username or bad password.
(FYI, I can log in using beast on a Win98 client, so there is no problem with the
username/password)
So, what exactly is the requirement for Domain Admins?
--beast
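
The following is an added example, not part of the original message and not Samba code: a small audit that parses `net groupmap list` output in the format shown above and reports which unix accounts sit behind the privileged NT groups. The sample inputs are constructed from the listings in the post, and the function names are hypothetical.

```python
import re

# Constructed sample input, modelled on the listings in the post above.
GROUPMAP = """\
Domain Users (S-1-5-21-682855339-941891451-1873685625-513) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Admins (S-1-5-21-682855339-941891451-1873685625-512) -> smbadmin
"""
ETC_GROUP = """\
root:x:0:
smbadmin:x:999:beast
"""

# RIDs worth auditing: 512 = Domain Admins, 544 = builtin Administrators.
PRIVILEGED_RIDS = {"512", "544"}
LINE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-[\d-]+)\) -> (?P<unix>\S+)$")

def parse_groupmap(text):
    """Return {nt_group: (sid, unix_group or None)}; '-1' means unmapped."""
    out = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            unix = None if m["unix"] == "-1" else m["unix"]
            out[m["nt"]] = (m["sid"], unix)
    return out

def parse_group_file(text):
    """Return {unix_group: [listed members]} from /etc/group text."""
    groups = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 4:
            groups[parts[0]] = [u for u in parts[3].split(",") if u]
    return groups

def privileged_members(groupmap_text, group_text):
    """Map each privileged NT group to the unix accounts listed as its members."""
    groups = parse_group_file(group_text)
    report = {}
    for nt, (sid, unix) in parse_groupmap(groupmap_text).items():
        if sid.rsplit("-", 1)[1] in PRIVILEGED_RIDS:
            report[nt] = groups.get(unix, []) if unix else []
    return report

if __name__ == "__main__":
    for nt, members in privileged_members(GROUPMAP, ETC_GROUP).items():
        print(f"{nt}: {', '.join(members) or '(unmapped or empty)'}")
```

Only members listed in the fourth field of the group file are reported; accounts whose primary group (in the passwd file) is the mapped unix group are not covered by this check.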