samba - Jul 2003 - conflicting domain portions are not supported for NETLOGON calls

I'm seeing this error in my log file under samba-3.0beta3.
"The conflicting domain portions are not supported for NETLOGON
calls."

I have created a unix/samba user testuser and a unix group pwruser.
The testuser's primary group is pwruser.

Next I mapped the ntgroup to pwruser with:
"net groupmap modify ntgroup="Power Users"
unixgroup=pwruser"

and net groupmap list shows:
[root@owl samba]# net groupmap list
System Operators (S-1-5-32-549) -> -1
Domain Guests (S-1-5-21-1135672234-1853056381-2991119365-514) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> pwruser
Print Operators (S-1-5-32-550) -> -1
Domain Users (S-1-5-21-1135672234-1853056381-2991119365-513) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
Domain Admins (S-1-5-21-1135672234-1853056381-2991119365-512) -> -1

but when I login I get the above message and the user is not a Power
User,  is this a bug in Samba or have I missed a step?

This is a stand alone version of samba, ie, no ldap or ads or other
servers involved.  Samba is set for domain logons and works.

-- 
George Farris  farrisg@mala.bc.ca
Computer Support Cowichan.

On Thu, 2003-07-24 at 02:44, George Farris wrote:
> I'm seeing this error in my log file under samba-3.0beta3.
> "The conflicting domain portions are not supported for NETLOGON
calls."
> 
> I have created a unix/samba user testuser and a unix group pwruser.
> The testuser's primary group is pwruser.
> 
> Next I mapped the ntgroup to pwruser with:
> "net groupmap modify ntgroup="Power Users"
unixgroup=pwruser"
> 
> and net groupmap list shows:
> [root@owl samba]# net groupmap list
> System Operators (S-1-5-32-549) -> -1
> Domain Guests (S-1-5-21-1135672234-1853056381-2991119365-514) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> Power Users (S-1-5-32-547) -> pwruser
You cannot do it this way - power users is determined on the
workstation, and the user can only be a member of groups in it's own
domain.  (not the 'special' groups)


Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20030725/3ac9442b/attachment.bin