[Samba] PDC Question For Windows Clients
Dariusz Dwornikowski
tdi at cognifide.pl
Mon Jul 17 06:14:05 GMT 2006
> Hmmm...
>
> Well, it's fine for Windows to have a group called "Domain Admins" but
> you need to have Unix groups where these can be mapped.
>
> For example, my PDC returns the following:
>
> Domain Admins (S-1-5-21-71265413-2685657396-3953940223-512) -> root
> Domain Users (S-1-5-21-71265413-2685657396-3953940223-513) -> users
> Domain Guests (S-1-5-21-71265413-2685657396-3953940223-514) -> nobody
>
> You didn't mention (or I missed) what you're using for the password
> backend (e.g. smbpasswd, tdbsam or ldapsam) but you need to ensure that
> you have Unix groups. In John Terpstra's excellent "Samba-3 by Example"
> he uses a script to do that, with the following commands:
>
> net groupmap modify ntgroup="Domain Admins" unixgroup=root
> net groupmap modify ntgroup="Domain Users" unixgroup=users
> net groupmap modify ntgroup="Domain Guests" unixgroup=nobody
>
> You may want to ensure that you really do have groups called "Domain
> Admins", "Domain Guests" and "Domain Computers", keeping in mind that
> spaces in user/group names in Unix isn't recommended.
>
> Barry
>
hmm, my PDC based on smbpasswd return nothing when net groupmap list.
but ldap based PDC returns the same as zdennis's
--
Regards,
Dariusz Dwornikowski Network Administrator
Cognifide Poland
More information about the samba
mailing list