[Samba] PDC Question For Windows Clients

Dariusz Dwornikowski tdi at cognifide.pl
Mon Jul 17 06:14:05 GMT 2006


> Hmmm...
>
> Well, it's fine for Windows to have a group called "Domain Admins" but
> you need to have Unix groups where these can be mapped.
>
> For example, my PDC returns the following:
>
> Domain Admins (S-1-5-21-71265413-2685657396-3953940223-512) -> root
> Domain Users (S-1-5-21-71265413-2685657396-3953940223-513) -> users
> Domain Guests (S-1-5-21-71265413-2685657396-3953940223-514) -> nobody
>
> You didn't mention (or I missed) what you're using for the password
> backend (e.g. smbpasswd,  tdbsam or ldapsam) but you need to ensure that
> you have Unix groups.  In John Terpstra's excellent "Samba-3 by Example"
> he uses a script to do that, with the following commands:
>
> net groupmap modify ntgroup="Domain Admins"      unixgroup=root
> net groupmap modify ntgroup="Domain Users"       unixgroup=users
> net groupmap modify ntgroup="Domain Guests"      unixgroup=nobody
>
> You may want to ensure that you really do have groups called "Domain
> Admins", "Domain Guests" and "Domain Computers", keeping in mind that
> spaces in user/group names in Unix isn't recommended.
>
> Barry
>   
hmm, my PDC based on smbpasswd return nothing when net groupmap list.
but ldap based PDC returns the same as zdennis's

-- 
Regards,
Dariusz Dwornikowski      Network Administrator
Cognifide Poland




More information about the samba mailing list