[Samba] domain group mapping in 3.0.23a issues
Gerald (Jerry) Carter
jerry at samba.org
Fri Aug 4 19:10:30 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chris wrote:
> On Friday 04 August 2006 14:24, Chris wrote:
>> If not, why might members of the domadm group (as in the second
>> example) not have admin priveleges when logging onto the domain?
>
> I figured this part out....specific RID's are needed
> for certain groups. With previous versions the correct RID's
> were assigned and only mapping needed to be done. Why
> was this ever dropped?
Inconsistent behavior depending on the passdb backend.
You can create built in groups using 'net sam createbuiltingroup <name>'
> Also when mapping something such as "Domain Admins"
> should the type be "builtin"? Or is this effectively
> deprecated as there effectively are no builtin
> groups anymore?
Don't confuse BUILTIN groups with prepopulated mapping entries.
To create a domain admins mapping, run
"net groupmap add rid=513 unixgroup=foo"
cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE05umIR7qMdg1EfYRAnaSAKCixz5sGL34Ccvw+ODhdXXBJSvBcwCgrN4E
x0UkAeIatlI0Iez6ucDseCM=
=tEvW
-----END PGP SIGNATURE-----
More information about the samba
mailing list