[Samba] net groupmap modify ntgroup="Domain Admins" ... succeeds
but fails
Kaleb Pederson
kpederson at mail.ewu.edu
Wed Oct 15 20:20:36 GMT 2003
After reading through the documentation, I realized that as a part of the
migration process from Samba-2.2.X to Samba-3.0.0 I needed to convert
everyone in my smbadmin group (previously domain admin group = @smbadmin) to
the "Domain Admins" group w/rid=512. So, I issued the following command:
[root at localhost profile]# net groupmap modify ntgroup="Domain Admins"
unixgroup=smbadmin
The command succeded as was evidenced by net groupmap list:
[root at localhost profile]# net groupmap list
System Operators (S-1-5-32-549) -> -1
...
Domain Admins (S-1-5-21-3270268339-1200857648-3960152354-512) -> smbadmin
My understanding of the documentation is that the Domain Admins group is
automatically added to the Administrators on all machines that are a member
of the domain, however, when I try to log into any of these machines as an
administrator, I authenticate successfully but am not considered to be an
administrator.
To get around this for now, I logged onto the given local machine, went to the
user management section, and added the individual account to the
Administrators group. This is a rough hack, but works.
What am I doing wrong? How come I'm an administrator without any
administrator permissions?
Thanks.
--Kaleb
More information about the samba
mailing list