[Samba] Re: Administering Groups
paul kölle
paul at subsignal.org
Sun Nov 13 14:37:29 GMT 2005
Simon Faulkner wrote:
> net groupmap list ntgroup="Domain Admins"
> Domain Admins (S-1-5-21-1065375514-2370838480-4047619883-512) -> -1
>
>
>
> Does this mean I have no group for Domain Admins?
yes
>
> Do I need to map them to root?
depends, AFAIK the "root" group is not special wrt samba, but it usually
owns a lot of security related files so I'd stay away from it. Make a
new group, say "domadms", map it to "Domain Admins" and use it on the
unix side. You can exploit the privilege (man smb.conf <enter>
/privileges<enter>) feature to give members special rights on the
windows side.
hth
Paul
More information about the samba
mailing list