Greetings,
I have been playing with 3.0.8rc2 on a test machine to get ready
to upgrade my samba 2 PDC to Samba 3.
I ran across an issue with mapping the domain admin group to a
local UNIX group on the server and I wanted to know if the behavior I
saw was normal or not.
The Samba server is a Sun ultra 1 running Solaris 9, user and
group information is kept in plain old /etc/passwd, /etc/shadow, and
/etc/group.
My group mappings look like:
Domain Admins (S-1-5-21-4122618152-3960105789-1472380918-512) -> ntadmin
Domain Guests (S-1-5-21-4122618152-3960105789-1472380918-514) -> nobody
Domain Users (S-1-5-21-4122618152-3960105789-1472380918-513) -> staff
My test user was a member of the ntadmin group - BUT it was NOT
the primary group for that account (the primary group was staff.) Every
time I logged in as the test user the windows machine refused to accept
the test user as an administrator.
I tried changing the test user's primary group to a group other
than the one mapped to "Domain Users" in case Samba/Windows was
selecting the most restrictive group membership for use - but that did
not make a difference.
When I changed the test user's primary group to ntadmin, then the
windows client accepted the test user as an administrator.
So, now my questions - I did not read anything in the chapter 11 of the
manual that covered this.
Is this the expected behavior?
Does Samba not look at secondary group memberships for accounts?
Is this something odd because I am on a Solaris box? (hey, it
has happened before.)
Thanks!
Bob Martel
--
***********************************************************************
Bob Martel,System Administrator I met someone who looks a lot like you
Levin College of Urban Affairs She does the things you do
Cleveland State University But she is an IBM
(216) 687-2214
bob@urban.csuohio.edu -Jeff Lynne
***********************************************************************