[Samba] Domain Admins

Gary Dale garydale at torfree.net
Wed May 24 21:08:04 GMT 2006

Golden Butler wrote:

> Hi,
> I'm trying to set up one of my users to be a domain admin.  I have 
> unix/ldap group called "domainadm" with "user1" a member of the 
> group.  When I run "net groupmap list" I get the following:
> Domain Admins (S-1-5-21-186220259-3826000728-3192352269-7033) -> 
> domainadm
> But when I go to log in to the domain with "user1" on a winxp machine, 
> the user isn't able to make administrative changes to the computer.
> Is there something I'm doing wrong?
> - Delamatrix
> Samba 3.0.20b
> Openldap
It's not clear what you are trying to do. If the Windows user1 is a 
member of "Domain Admins" and if Domain Admins have administrative 
rights on the winxp machine, user1 should have administrative rights on 
the winxp machine.

If the Unix group domainadm has some special privileges on your Samba 
server, then user1 should be able to exercise those privileges.

Neither condition is automatic however. You need to set up the privileges.

More information about the samba mailing list