[Samba] does a pdc need to be in the domain itself?
Craig White
craigwhite at azapple.com
Mon Nov 21 22:30:51 GMT 2005
On Mon, 2005-11-21 at 18:04 +0100, Michael Billerbeck wrote:
> Hello List,
>
> we have installed samba Version 3.0.20-0.1-SUSE.
>
> when I'm entering
> > net getlocalsid
> I get
> > SID for domain <netbios name> is:
> S-1-5-21-4166838278-3756557259-2095403906
> entering
> > net getlocalsid <domain name>
> returns
> > SID for domain <domain name> is:
> S-1-5-21-2018781741-1218799122-1862565094
>
> Does this mean that the pdc itself is not in the domain and is it better to
> join the pdc itself to the domain then?
----
I think that is the general consensus. You could have 2 domains and a
trust account between them...you are the administrator.
----
>
> The standard domain groups having the SID part of the first "net
> getlocalsid"
> map to no unix group but they are also not used:
>
> > net groupmap list
> > [...]
> > Domain Users (S-1-5-21-4166838278-3756557259-2095403906-513) -> -1
> > domadmins (S-1-5-21-2018781741-1218799122-1862565094-512) -> admin
> > domguests (S-1-5-21-2018781741-1218799122-1862565094-514) -> nobody
> > Domain Guests (S-1-5-21-4166838278-3756557259-2095403906-514) -> -1
> > Domain Admins (S-1-5-21-4166838278-3756557259-2095403906-512) -> -1
> > domusers (S-1-5-21-2018781741-1218799122-1862565094-513) -> users
> > [...]
>
> On windows machines I can see the domain group "domadmins" in the local
> admin
> group. I can also see the domain groups "domadmins", "domguests" and
> "domusers"
> when browsing the users in the domain on that windows machine, but not the
> standard domain groups "Domain Admins", "Domain Users" or "Domain Guests".
> This seems to be ok.
----
If it's ok, then leave it alone.
Craig
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the samba
mailing list