FWIW, I believe you'll be experiencing problems with this part of your setup:
Administrators (S-1-5-32-544) -> ntadmin Domain Admins (S-1-5-21-4008939791-1949703945-886196202-512) -> ntadmin
I don't believe that is legal. Or perhaps it is only illegal if ntadmin is someone's primary group, not secondary. I just fought with this one myself.
Does anyone have a good resource on this?
Per John Terpstra the Samba 3 code is a bit grumpy about multiple netgroup mappings "leading down the same path" I'll call it. I'm not sure of the details of the limitation in the code. Very detailed testing and use if IFMember /list were the only ways I could figure out what did / did not work here.
I think he said we need only wait to Samba 3.1 to see this get better, vs all the way till Samba 4.
-- Michael Lueck Lueck Data Systems
Remove the upper case letters NOSPAM to contact me directly.
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
