[Samba] Re: Cannot get DOMAIN ADMINS to work
mlueck at lueckdatasystems.com
Tue Dec 14 20:53:31 GMT 2004
Ryan Novosielski wrote:
> FWIW, I believe you'll be experiencing problems with this part of your
>> Administrators (S-1-5-32-544) -> ntadmin
>> Domain Admins (S-1-5-21-4008939791-1949703945-886196202-512) -> ntadmin
> I don't believe that is legal. Or perhaps it is only illegal if ntadmin
> is someone's primary group, not secondary. I just fought with this one
> Does anyone have a good resource on this?
Per John Terpstra the Samba 3 code is a bit grumpy about multiple netgroup mappings "leading down the same path" I'll call it. I'm not sure of the details of the limitation in the code. Very detailed
testing and use if IFMember /list were the only ways I could figure out what did / did not work here.
I think he said we need only wait to Samba 3.1 to see this get better, vs all the way till Samba 4.
Lueck Data Systems
Remove the upper case letters NOSPAM to contact me directly.
More information about the samba