[Samba] does a pdc need to be in the domain itself?

Michael Billerbeck billerbeck at adesso.de
Mon Nov 21 17:04:24 GMT 2005


Hello List,

We have installed Samba version 3.0.20-0.1-SUSE.

When I enter
> net getlocalsid
I get
> SID for domain <netbios name> is: S-1-5-21-4166838278-3756557259-2095403906
Entering
> net getlocalsid <domain name>
returns
> SID for domain <domain name> is: S-1-5-21-2018781741-1218799122-1862565094

Does this mean that the pdc itself is not in the domain and is it better to
join the pdc itself to the domain then?

The standard domain groups having the SID part of the first "net getlocalsid"
map to no unix group but they are also not used:

> net groupmap list
> [...]
> Domain Users (S-1-5-21-4166838278-3756557259-2095403906-513) -> -1
> domadmins (S-1-5-21-2018781741-1218799122-1862565094-512) -> admin
> domguests (S-1-5-21-2018781741-1218799122-1862565094-514) -> nobody
> Domain Guests (S-1-5-21-4166838278-3756557259-2095403906-514) -> -1
> Domain Admins (S-1-5-21-4166838278-3756557259-2095403906-512) -> -1
> domusers (S-1-5-21-2018781741-1218799122-1862565094-513) -> users
> [...]

On Windows machines I can see the domain group "domadmins" in the local admin
group. I can also see the domain groups "domadmins", "domguests" and "domusers"
when browsing the users in the domain on that Windows machine, but not the
standard domain groups "Domain Admins", "Domain Users" or "Domain Guests".
This seems to be ok.

with regards
Michael
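
An added example, not part of the original post: a small parser that splits each `net groupmap list` entry into its domain SID and RID, groups the entries by domain SID, and lists the well-known RIDs (512, 513, 514) that occur under more than one domain SID. The sample lines are copied from the output quoted above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the `net groupmap list` output quoted in the post.
SAMPLE = """\
Domain Users (S-1-5-21-4166838278-3756557259-2095403906-513) -> -1
domadmins (S-1-5-21-2018781741-1218799122-1862565094-512) -> admin
domguests (S-1-5-21-2018781741-1218799122-1862565094-514) -> nobody
Domain Guests (S-1-5-21-4166838278-3756557259-2095403906-514) -> -1
Domain Admins (S-1-5-21-4166838278-3756557259-2095403906-512) -> -1
domusers (S-1-5-21-2018781741-1218799122-1862565094-513) -> users
"""

# Well-known domain-relative RIDs.
WELL_KNOWN = {512: "Domain Admins", 513: "Domain Users", 514: "Domain Guests"}

# "<NT group name> (<SID>) -> <unix group or -1>"
LINE = re.compile(r"^(?P<name>.+?) \((?P<sid>S-1-[\d-]+)\) -> (?P<unix>.+)$")

def parse_groupmap(text):
    """Return one dict per mapping; a unix group of -1 becomes None."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip().lstrip(">").strip()  # tolerate mail-style "> " prefixes
        m = LINE.match(line)
        if not m:
            continue  # blank lines, "[...]" elisions, anything unparseable
        domain_sid, _, rid = m["sid"].rpartition("-")
        unix = m["unix"].strip()
        entries.append({"name": m["name"], "domain_sid": domain_sid,
                        "rid": int(rid),
                        "unix_group": None if unix == "-1" else unix})
    return entries

def by_domain_sid(entries):
    """Group the parsed mappings by the domain part of their SID."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["domain_sid"]].append(e)
    return dict(groups)

def duplicated_rids(entries):
    """Well-known RIDs that appear under more than one domain SID."""
    seen = defaultdict(set)
    for e in entries:
        if e["rid"] in WELL_KNOWN:
            seen[e["rid"]].add(e["domain_sid"])
    return {rid: sorted(s) for rid, s in seen.items() if len(s) > 1}

if __name__ == "__main__":
    for sid, items in by_domain_sid(parse_groupmap(SAMPLE)).items():
        print(sid, [(e["name"], e["rid"], e["unix_group"]) for e in items])
    print("RIDs under several domain SIDs:", duplicated_rids(parse_groupmap(SAMPLE)))
```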


