[Samba] Domain Admins
Neil Muller
neil at neologix.net.au
Thu May 25 00:22:48 GMT 2006
Golden Butler wrote:
> Hi,
>
> I'm trying to set up one of my users to be a domain admin. I have
> unix/ldap group called "domainadm" with "user1" a member of the group.
> When I run "net groupmap list" I get the following:
>
> Domain Admins (S-1-5-21-186220259-3826000728-3192352269-7033) -> domainadm
>
> But when I go to log in to the domain with "user1" on a winxp machine,
> the user isn't able to make administrative changes to the computer.
>
> Is there something I'm doing wrong?
>
> - Delamatrix
>
> SLES9-SP3
> Samba 3.0.20b
> Openldap
>
I think you may need to check the rid you have used for the Domain
Admins group. According to
http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html
this is one of the well known rids which must be maintained for correct
functioning of the NT groups systems. You have a rid of 7033 and I think
it should be 512.
Neil
--
email: neil at neologix.net
More information about the samba
mailing list