[Samba] Re: WinXP registry problems on SMB PDC

[Michael Lueck]

Have you checked to see what your effective permissions are on the workstation. A good way to do this is with the M$ ISMember utility with the /list option. I ran into issues making group mapping work 
properly.

I ended up greating four groups in /etc/group which would cover what permissions I want users to have when they log into Windows within the Windows OS. Then created four groups in Samba and mapped 
between those Samba groups and the groups I had created in /etc/group. I kept them the same name in both places for sanity. I also limited them to 8 chars max.

Finally I did net localgroup commands on the workstations, removing the two that get added when you join the domain - local administrators to domain admins, and local users to domain users... as 
domain and local permissions are different in my book and one should not assume a 1:1 relationship there. Anyway, added my four new domain groups to the four main local groups (Admin, Power User, 
User, Guest) and baddabing-baddaboom I can manage local Windows permissions from /etc/group.

-- 
Michael Lueck
Lueck Data Systems

Remove the upper case letters NOSPAM to contact me directly.