System Operators (S-1-5-32-549) -> -1 Dispatch (S-1-5-21-124999916-2847287174-2328787173-1831) -> dispatch Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Domain Users (S-1-5-21-124999916-2847287174-2328787173-1833) -> domusers Domain Admins (S-1-5-21-124999916-2847287174-2328787173-1825) -> domadm Domain Guests (S-1-5-21-124999916-2847287174-2328787173-1835) -> domguests Mechanics (S-1-5-21-124999916-2847287174-2328787173-1827) -> mech Instructors (S-1-5-21-124999916-2847287174-2328787173-1837) -> instructors Accounting (S-1-5-21-124999916-2847287174-2328787173-1829) -> accounting Domain Admins (S-1-5-21-124999916-2847287174-2328787173-512) -> -1 Domain Guests (S-1-5-21-124999916-2847287174-2328787173-514) -> -1 Domain Users (S-1-5-21-124999916-2847287174-2328787173-513) -> -1 Power Users (S-1-5-32-547) -> -1 Print Operators (S-1-5-32-550) -> -1 Administrators (S-1-5-32-544) -> -1 Account Operators (S-1-5-32-548) -> -1 Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> -1
Apparently, the default groups already existed, but were not used in the mapping. Instead, new groups with the same name (but not the same GID) were created and mapped. So, my user was in the Domain Admins group but not THE Domain Admins group. I'm not quite sure if this is a flaw in the HOWTO or if this only happens when upgrading from 2.2.x. I was able to fix this problem by deleting the group mappings and remapping with 'net groupmap modify ntgroup="Domain Admins" UNIXgroup=domadm'. I just made these changes, but I am not on site to test if they worked, but I have a hunch that they did.
-- Andrew Gaffney
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba