Conrad Wood wrote:
Hi,
I have recently upgaded from samba 2.2 to samba 3.0.
I used to have "domain admin group = @winadmin" in my smb.conf,
but I understand from the documentation that it is deprecated
in favour of "net groupmap set "Domain Admin" winadmin".
I would expect unix users who are members of the unix group winadmin to become Domain Admins, then, but they don't ?.
Do I understand this correctly that unix users that are a member of the unix group winadmin then will be "advertised" as being a member of the NT Group "Domain Admins" to windows machines? The windows box applies whatever permissions the "Domain Admins" have for this box, by default "Administrator"?
My server is a debian gnu/linux box in a test environment. My windows machine(s) are run within vmware, windows XP and 2k.
Details:
************************* snip ************** on the server the groupmapping is as follows: [EMAIL PROTECTED]:~# net groupmap list System Operators (S-1-5-32-549) -> -1 Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Domain Users (S-1-5-21-520677601-194623159-390525435-513) -> cnw Domain Admins (S-1-5-21-520677601-194623159-390525435-1219) -> winadmin Domain Users (S-1-5-21-520677601-194623159-390525435-3005) -> cnw Power Users (S-1-5-32-547) -> -1 Print Operators (S-1-5-32-550) -> -1 Administrators (S-1-5-32-544) -> winadmin Account Operators (S-1-5-32-548) -> -1 Domain Guests (S-1-5-21-520677601-194623159-390525435-514) -> -1 Domain Admins (S-1-5-21-520677601-194623159-390525435-512) -> winadmin Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> winadmin ****************************************************************
On windows it seems to accept that ish: (intented to copy and paste from a msdos box but failed miserably so here's the written out extract ;) ) c:\>net user cnw /DOMAIN .... blurb.... Local Group Memberships *dialout <- WTF??? Global Group memberships *Domain Users *Domain Admins The command completed sucessfully. c:\>
*****************************************************************
Doesn't above mean I should be administrator (when logged in as cnw)? (And before you ask, cnw *is* a member of winadmin ;) ) However, if I try to open the TCP/IP properties windows tells me that I do not have access...
I am new to samba 3.0 and so far only read the publicly available documentation, so I would like to double check whether I understand this correctly.
Thank you,
Conrad
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto: [EMAIL PROTECTED]
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
