I'm trying to add a user to the domain admins group in vain. I've tried using the windows usrgrp tool. I've tried doing 'pdbedit -u username -G S-1-5-21-2351621536-730267382-1598341932-512' I've tried 'net groupmember ADD 'Domain Admins' username. The user I'm trying to add is already in the unixgroup that's mapped to the NTgroup. Does any one know the proper way to do this? Here's my groupmappings: [root@samba root]# net groupmap list System Operators (S-1-5-32-549) -> -1 Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Domain Users (S-1-5-21-2915653246-892158047-278579456-513) -> users Domain Users (S-1-5-21-2351621536-730267382-1598341932-513) -> -1 Domain Admins (S-1-5-21-2351621536-730267382-1598341932-512) -> ntadmins Domain Guests (S-1-5-21-2351621536-730267382-1598341932-514) -> nobody Domain Guests (S-1-5-21-2915653246-892158047-278579456-514) -> -1 Power Users (S-1-5-32-547) -> -1 Domain Users (S-1-5-21-152711010-200846165-2210790283-513) -> users Print Operators (S-1-5-32-550) -> -1 Administrators (S-1-5-32-544) -> -1 Account Operators (S-1-5-32-548) -> -1 X3D Employees (S-1-5-21-2915653246-892158047-278579456-1112) -> david$ Domain Guests (S-1-5-21-152711010-200846165-2210790283-514) -> nobody Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> -1 Domain Admins (S-1-5-21-2915653246-892158047-278579456-512) -> -1 __________________________________ Do you Yahoo!? New and Improved Yahoo! Mail - 100MB free storage! http://promotions.yahoo.com/new_mail
On Thu, 2004-08-12 at 08:29, David "3oz" Sonenberg wrote:> I'm trying to add a user to the domain admins group in > vain. I've tried using the windows usrgrp tool. I've > tried doing 'pdbedit -u username -G > S-1-5-21-2351621536-730267382-1598341932-512' I've > tried 'net groupmember ADD 'Domain Admins' username. > The user I'm trying to add is already in the unixgroup > that's mapped to the NTgroup. Does any one know the > proper way to do this? Here's my groupmappings: > > [root@samba root]# net groupmap list > System Operators (S-1-5-32-549) -> -1 > Replicators (S-1-5-32-552) -> -1 > Guests (S-1-5-32-546) -> -1 > Domain Users > (S-1-5-21-2915653246-892158047-278579456-513) -> users > Domain Users > (S-1-5-21-2351621536-730267382-1598341932-513) -> -1 > Domain Admins > (S-1-5-21-2351621536-730267382-1598341932-512) -> > ntadmins > Domain Guests > (S-1-5-21-2351621536-730267382-1598341932-514) -> > nobody > Domain Guests > (S-1-5-21-2915653246-892158047-278579456-514) -> -1 > Power Users (S-1-5-32-547) -> -1 > Domain Users > (S-1-5-21-152711010-200846165-2210790283-513) -> users > Print Operators (S-1-5-32-550) -> -1 > Administrators (S-1-5-32-544) -> -1 > Account Operators (S-1-5-32-548) -> -1 > X3D Employees > (S-1-5-21-2915653246-892158047-278579456-1112) -> > david$ > Domain Guests > (S-1-5-21-152711010-200846165-2210790283-514) -> > nobody > Backup Operators (S-1-5-32-551) -> -1 > Users (S-1-5-32-545) -> -1 > Domain Admins > (S-1-5-21-2915653246-892158047-278579456-512) -> -1---- you need to clean up your groupmaps first 1 - from cli net getlocalsid 2 - your local SID should match the SID's below (ignoring the RID) evidently it is either: S-1-5-21-2915653246-892158047-278579456 or S-1-5-21-2351621536-730267382-1598341932 or S-1-5-21-152711010-200846165-2210790283 3 - duplicates/unmapped entries/non matching SID's below>System Operators (S-1-5-32-549) -> -1delete or fix> Replicators (S-1-5-32-552) -> -1delete or fix> Guests (S-1-5-32-546) -> -1delete or fix> Domain Users (S-1-5-21-2915653246-892158047-278579456-513) -> usersok - SID?> Domain Users (S-1-5-21-2351621536-730267382-1598341932-513) -> -1delete> Domain Admins (S-1-5-21-2351621536-730267382-1598341932-512) -> ntadminsok - SID?> Domain Guests (S-1-5-21-2351621536-730267382-1598341932-514) -> nobodyok - SID?> Domain Guests (S-1-5-21-2915653246-892158047-278579456-514) -> -1delete> Power Users (S-1-5-32-547) -> -1delete or fix> Domain Users (S-1-5-21-152711010-200846165-2210790283-513) -> users2nd entry - delete> Print Operators (S-1-5-32-550) -> -1delete or fix> Administrators (S-1-5-32-544) -> -1delete or fix> Account Operators (S-1-5-32-548) -> -1delete or fix> X3D Employees (S-1-5-21-2915653246-892158047-278579456-1112) -> david$doesn't make any sense - david$ is a machine account, not a unix group> Domain Guests (S-1-5-21-152711010-200846165-2210790283-514) -> nobody2nd entry - delete> Backup Operators (S-1-5-32-551) -> -1delete or fix> Users (S-1-5-32-545) -> -1delete or fix> Domain Admins (S-1-5-21-2915653246-892158047-278579456-512) -> -1delete Craig
Hi, I am running 3.06 as a PDC on Debian Stable. I have a set of group mappings as shown. gawain:/home/users/dan# net groupmap list vijay (S-1-5-21-283032880-4000665858-140500845-3047) -> vijay System Operators (S-1-5-32-549) -> -1 bernd (S-1-5-21-283032880-4000665858-140500845-3049) -> bernd Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Domain Guests (S-1-5-21-283032880-4000665858-140500845-514) -> -1 ian (S-1-5-21-283032880-4000665858-140500845-3051) -> ian russel (S-1-5-21-283032880-4000665858-140500845-3007) -> russel rob (S-1-5-21-283032880-4000665858-140500845-3009) -> rob alvin (S-1-5-21-283032880-4000665858-140500845-3011) -> alvin fang (S-1-5-21-283032880-4000665858-140500845-3013) -> fang geoff (S-1-5-21-283032880-4000665858-140500845-3059) -> geoff vincent (S-1-5-21-283032880-4000665858-140500845-3019) -> vincent Power Users (S-1-5-32-547) -> -1 Domain Power Users (S-1-5-21-283032880-4000665858-140500845-4207) -> pwrusrs Print Operators (S-1-5-32-550) -> -1 Administrators (S-1-5-32-544) -> -1 Domain Admins (S-1-5-21-283032880-4000665858-140500845-512) -> ntadmin Account Operators (S-1-5-32-548) -> -1 helen (S-1-5-21-283032880-4000665858-140500845-3037) -> helen john (S-1-5-21-283032880-4000665858-140500845-3039) -> john Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> -1 Domain Users (S-1-5-21-283032880-4000665858-140500845-513) -> staff dan (S-1-5-21-283032880-4000665858-140500845-3001) -> dan ross (S-1-5-21-283032880-4000665858-140500845-3003) -> ross Can someone please tell me how I can change the SID of the groups such as "Power Users" so they match the SID for the domain. I have tried to remove and re-add them but this fails. As you can see I have created a group called "Domain Power Users", but ideally I would have liked to map the existing "Power Users" group to my unix group "pwrusrs". Thanks for any help given, Dan. -- ====================================================================Dan Alderman Software Engineer OneEighty Software Ltd. Phone: +44 20 8680 8712 Cygnet House Fax: +44 20 8680 8453 12-14 Sydenham Road Croydon Email: d.alderman@180sw.com CR9 2ET UK Under the Regulation of Investigatory Powers (RIP) Act 2000 together with any and all Regulations in force pursuant to the Act One Eighty Software Ltd reserves the right to monitor any or all incoming or outgoing communications as provided for under the Act.