[Samba] Windows domain group policies

Thomas Angst ta_ldap at granitsoft.ch
Sat Jun 21 16:54:23 GMT 2003


first, thanks for that link. I read the chapters 5,7,23 and 24. And I 
know now, that my question was wrong.
What I really want is to tell each client, that this user is an 
Administrator or is member of an other group I created for w2k clients. 
But all users are per default set to the standard user group. How can I 
set the membership of specific users to another w2k group?

But there is another problem now, which I cannot solve and it seems I am 
not alone with it.
To use policies, Samba has to run as a PDC. And the clients should be 
registred on it. And there is the problem. After I changed the parameter 
add user script to add machine script (maybe you should more emphasise 
in your document, that it has changed) I can now join a machine to the 
After an on the fly joining there is an entry in /etc/passwd and in 
/etc/samba/smbpasswd is it too.
But, after the necessary reboot on the client (w2k SP3) I will get the 
error message:
computer account is not trusted (translated, I am using a german version 
of w2k)

And with Samba versions 2.2.X and the same config file (more or less) on 
the same machine with the same client it is working.
Is this a bug in Samba 3.0b?

I'm using:
Debian 3.0r1
Samba 3.0.0b (Debian unstable)


John H Terpstra schrieb:

>On Fri, 20 Jun 2003, Thomas Angst wrote:
>>Does anybody have an idea how I can set a group membership to a domain user?
>>I don't wan't to set the group membership on each computer one by one.
>>And all Windows admins I asked, doesn't have any anticipation how this
>>will work, if they don't have a button for click it.
>Chapter 23 and 24 of:
>If still not clear then please tell us what to fix. We MUST get this right
>before Samba-3 ships.
>- John T.

More information about the samba mailing list