[Samba] Re: Administering Groups

paul kölle paul at subsignal.org
Sun Nov 13 14:37:29 GMT 2005

Simon Faulkner wrote:
> net groupmap list ntgroup="Domain Admins"
> Domain Admins (S-1-5-21-1065375514-2370838480-4047619883-512) -> -1
> Does this mean I have no group for Domain Admins?

> Do I need to map them to root?
depends, AFAIK the "root" group is not special wrt samba, but it usually
owns a lot of security related files so I'd stay away from it. Make a
new group, say "domadms", map it to "Domain Admins" and use it on the
unix side. You can exploit the privilege (man smb.conf <enter>
/privileges<enter>) feature to give members special rights on the
windows side.


More information about the samba mailing list