Hello Samba people ! Thanks to the great docs available, I was able to setup samba as a PDC in a few hours. Everything works as I wish, except one thing. As security is not really a matter in my case, I would like every domain user to be able to install programs on every domain machine. As I understood, this can be achieved by adding every domain user in the "Domain Admins" group. Am I right ? Is there a better way to do this ?
Anyway, after reading groupmapping.html from the howto-collection, I did this: net groupmap add ntgroup="Domain Admins" unixgroup=smbadm eos:~# grep smbadm /etc/group smbadm:x:1003:toto,root eos:~# net groupmap list System Operators (S-1-5-32-549) -> -1 Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Domain Admins (S-1-5-21-3749086184-651259868-1278831297-3007) -> smbadm Domain Admins (S-1-5-21-3749086184-651259868-1278831297-512) -> -1 Domain Guests (S-1-5-21-3749086184-651259868-1278831297-514) -> -1 Domain Users (S-1-5-21-3749086184-651259868-1278831297-513) -> -1 Power Users (S-1-5-32-547) -> -1 Print Operators (S-1-5-32-550) -> -1 Administrators (S-1-5-32-544) -> -1 Account Operators (S-1-5-32-548) -> -1 Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> -1 But it doesn't seem to work. I notice I now have 2 "Domain Admins" groups. Maybe that is wrong ? I am not using winbind, as I understood it shouldn't be mandatory in my case. By the way, not being very "fluent" in windows, how can I check if the domain-user "toto" is member of one or another domain-group under winxp ? Any help or advice greatly appreciated ! Marc PS: here are the relevant parts on my smb.conf file: eos:~# smbd -V Version 3.0.14a-Debian [global] workgroup = EDI interfaces = 172.17.200.3, 127.0.0.1 bind interfaces only = Yes obey pam restrictions = Yes passdb backend = tdbsam, guest name resolve order = wins host lmhosts bcast time server = Yes logon script = logon.bat logon path = logon home = domain logons = Yes os level = 70 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap ssl = no -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba