[Samba] PDC Question For Windows Clients

Dariusz Dwornikowski tdi at cognifide.pl
Mon Jul 17 06:14:05 GMT 2006

> Hmmm...
> Well, it's fine for Windows to have a group called "Domain Admins" but
> you need to have Unix groups where these can be mapped.
> For example, my PDC returns the following:
> Domain Admins (S-1-5-21-71265413-2685657396-3953940223-512) -> root
> Domain Users (S-1-5-21-71265413-2685657396-3953940223-513) -> users
> Domain Guests (S-1-5-21-71265413-2685657396-3953940223-514) -> nobody
> You didn't mention (or I missed) what you're using for the password
> backend (e.g. smbpasswd,  tdbsam or ldapsam) but you need to ensure that
> you have Unix groups.  In John Terpstra's excellent "Samba-3 by Example"
> he uses a script to do that, with the following commands:
> net groupmap modify ntgroup="Domain Admins"      unixgroup=root
> net groupmap modify ntgroup="Domain Users"       unixgroup=users
> net groupmap modify ntgroup="Domain Guests"      unixgroup=nobody
> You may want to ensure that you really do have groups called "Domain
> Admins", "Domain Guests" and "Domain Computers", keeping in mind that
> spaces in user/group names in Unix isn't recommended.
> Barry
hmm, my PDC based on smbpasswd return nothing when net groupmap list.
but ldap based PDC returns the same as zdennis's

Dariusz Dwornikowski      Network Administrator
Cognifide Poland

More information about the samba mailing list