[Samba] 2k / NT4 trust and local/global groups

Spaceboy spaceboy at spaceboy.co.uk
Tue Jan 18 17:10:07 GMT 2005


Got a 2k ADS server with a trust to NT4 PDC...

what I'm trying to achieve is to have users on the NT4 PDC assigned to 
security groups in Win2k AD, with Samba joined to the AD and 
authenticating users in AD.

I have the NT4 -> 2k trust working fine both directions.
Samba has been joined to the 2k AD realm.

Running wbinfo -g I can see 2k global groups and NT4 groups however I 
cannot see 2k local domain groups.

The problem with this arrangement is that NT4 users can only be members 
of a 2k local domain group, and not a global group.

so, 2k local groups contain the users I want to authenticate, but I can 
only see 2k global groups (which can't contain NT users).


any ideas?

I've tried creating global groups containing local domain groups - no joy.
I'm running in mixed mode for the trust to work.

any help / suggestions appreciated.



More information about the samba mailing list