[Samba] domain group mapping in 3.0.23a issues

Gerald (Jerry) Carter jerry at samba.org
Fri Aug 4 19:10:30 GMT 2006

Hash: SHA1

Chris wrote:
> On Friday 04 August 2006 14:24, Chris wrote:
>> If not, why might members of the domadm group (as in the second
>> example) not have admin priveleges when logging onto the domain?
> I figured this part out....specific RID's are needed 
> for certain groups.  With previous versions the correct RID's
> were assigned and only mapping  needed to be done. Why
> was this ever dropped?

Inconsistent behavior depending on the passdb backend.
You can create built in groups using 'net sam createbuiltingroup <name>'

> Also when mapping something such as "Domain Admins" 
> should the type  be "builtin"? Or is this effectively
> deprecated as there effectively  are no builtin
> groups anymore?

Don't confuse BUILTIN groups with prepopulated mapping entries.
To create a domain admins mapping, run

	"net groupmap add rid=513 unixgroup=foo"

cheers, jerry
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list