[Samba] does a pdc need to be in the domain itself?
craigwhite at azapple.com
Mon Nov 21 22:30:51 GMT 2005
On Mon, 2005-11-21 at 18:04 +0100, Michael Billerbeck wrote:
> Hello List,
> we have installed samba Version 3.0.20-0.1-SUSE.
> when I'm entering
> > net getlocalsid
> I get
> > SID for domain <netbios name> is:
> > net getlocalsid <domain name>
> > SID for domain <domain name> is:
> Does this mean that the pdc itself is not in the domain and is it better to
> join the pdc itself to the domain then?
I think that is the general consensus. You could have 2 domains and a
trust account between them...you are the administrator.
> The standard domain groups having the SID part of the first "net
> map to no unix group but they are also not used:
> > net groupmap list
> > [...]
> > Domain Users (S-1-5-21-4166838278-3756557259-2095403906-513) -> -1
> > domadmins (S-1-5-21-2018781741-1218799122-1862565094-512) -> admin
> > domguests (S-1-5-21-2018781741-1218799122-1862565094-514) -> nobody
> > Domain Guests (S-1-5-21-4166838278-3756557259-2095403906-514) -> -1
> > Domain Admins (S-1-5-21-4166838278-3756557259-2095403906-512) -> -1
> > domusers (S-1-5-21-2018781741-1218799122-1862565094-513) -> users
> > [...]
> On windows machines I can see the domain group "domadmins" in the local
> group. I can also see the domain groups "domadmins", "domguests" and
> when browsing the users in the domain on that windows machine, but not the
> standard domain groups "Domain Admins", "Domain Users" or "Domain Guests".
> This seems to be ok.
If it's ok, then leave it alone.
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the samba