[Samba] Re: Cannot get DOMAIN ADMINS to work

Michael Lueck mlueck at lueckdatasystems.com
Tue Dec 14 20:53:31 GMT 2004

Ryan Novosielski wrote:
> FWIW, I believe you'll be experiencing problems with this part of your 
> setup:
>> Administrators (S-1-5-32-544) -> ntadmin
>> Domain Admins (S-1-5-21-4008939791-1949703945-886196202-512) -> ntadmin
> I don't believe that is legal. Or perhaps it is only illegal if ntadmin 
> is someone's primary group, not secondary. I just fought with this one 
> myself.
> Does anyone have a good resource on this?

Per John Terpstra the Samba 3 code is a bit grumpy about multiple netgroup mappings "leading down the same path" I'll call it. I'm not sure of the details of the limitation in the code. Very detailed 
testing and use if IFMember /list were the only ways I could figure out what did / did not work here.

I think he said we need only wait to Samba 3.1 to see this get better, vs all the way till Samba 4.

Michael Lueck
Lueck Data Systems

Remove the upper case letters NOSPAM to contact me directly.

More information about the samba mailing list