similar to: NT4 PDC, domain admin group on samba file server

Considering the following page... http://us3.samba.org/samba/docs/man/guide/small.html First of, my compliments to John for some great examples to study. In my mind I see three levels of security: 1) Linux - such as SSH'ing into the Linux server, Linux accounts and groups come into play here 2) Samba PDC - "Domain Admins" "Domain Users" come into play here. Examples

Hi, I am in the process of migrating our windows workstations to a samba domain. Here is the problem: When creating the domain user I put every user additionalyy in the domain admin group so that he/she can copy his old files on the local profile to his new domain account. Then after this is done I put them to the domain users group but some (!) of the user the lose then access to the

Hello List, we have installed samba Version 3.0.20-0.1-SUSE. when I'm entering > net getlocalsid I get > SID for domain <netbios name> is: S-1-5-21-4166838278-3756557259-2095403906 entering > net getlocalsid <domain name> returns > SID for domain <domain name> is: S-1-5-21-2018781741-1218799122-1862565094 Does this mean that the pdc itself is not in the domain

Hi, since I was bitten badly by this today, I take the additional time to report this issue here. After upgrading from samba 3.5.8 to 3.6.0rc3, Administrator on the xp clients (yes, still xp sp3, no vista, no win7 clients here) lost its admin privileges. My Samba PDC setup evolved over about a decade now, but since it still needs to support a small environment only (20 xp, 30 users), I

Hi, maybe I didn't explained myself well. What i meant is that the user can't have the SID S-1-5-21-528226156-890416033-2029241632 but MUST have a sid like S-1-5-21-528226156-890416033-2029241632-xxxx ( where x is usually assigned automatically by the add user's script) Best Regards, Bruno Guerreiro -----Original Message----- From: Jos? M. Fandi?o [mailto:samba@fadesa.es] Sent:

Hi I've been running Samba 2.x for years but decided to move up to 3.0.2. I've set up a new samba server with a workgroup NEWBIOSS and netbios name PARETO. Im having problems setting up my domain admins. I used 'net groupmap modify "Domain Admins" unixgroup=domadmin' my 'net groupmap list' shows : System Operators (S-1-5-32-549) -> -1 Replicators

We have bumped into a most odd problem. Server: Debian Etch and their Samba 3.0.24-2 Client: WinXP SP2, MSI v3, all hot fixes The following settings are in place on the server: #!/bin/bash # # initGrps.sh # Map Windows Domain Groups to UNIX groups net groupmap add ntgroup="Domain Admins" unixgroup=domadmin rid=512 type=d net groupmap add ntgroup="Domain Users"

Hi, I have the following situation concerning group mapping: when I enter > net getlocalsid I get > SID for domain PDC is: S-1-5-21-4166838278-3756557259-2095403906 when I enter > net getlocalsid DOMAIN I get >SID for domain DOMAIN is: S-1-5-21-2018781741-1218799122-1862565094 The group mapping shows > net groupmap list > Domain Users

I am testing out Debian Etch, and ran into an issue granting SeMachineAccountPrivilege to an account... which granting that permission had been troublesome in the past. The command I am issuing is: net rpc rights grant LDS-DEMO\\ldsinst SeMachineAccountPrivilege And I try running the command with an account that is a member of the "Domain Admins" group. The command returns: Failed to

First off, on the Windows side I use "ifmember.exe /list" to check the group membership in affect for the currently logged in domain user, works like a charm. However, Linux side is another story, specifically the net command. We have, among others, the following mapping in place: net groupmap modify ntgroup="Domain Admins" unixgroup=domadmin Based on this documentation:

Hello list, When I try to log in a samba 3.0.13 server from a XP Pro machine, I get this error: [2005/04/15 10:57:00, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon(766) _net_sam_logon: user BETA\usuario1 has user sid S-1-5-21-528226156-890416033-2029241632 but group sid S-1-5-21-528226156-890416033-2029241632-513. The conflicting domain portions are not supported for NETLOGON calls What

Hello. After fresh install. Samba and ldap seems to run normally ( I can join win2k workstation to linux samba pdc ). Using yast I create a system group named domadmin But I am unable to map "Domain Admins" to domadmin I am unable to map "Domain Admins" to existing ntadmin group I am unable to mofify mapping "Domain Admins" to domadmin group Thank you for

i am also struggling with having a windows machine (xp) connect to a sampa-ldap pdc. as far as the guide detailing vegeta's work, i'm somewhere around step 5 where you groupmap the windows groups to the linux groups. but unfortunately when i run the command: net groupmap add ntgroup="Domain Admins" unixgroup=domadmin it fails. the error returned is : adding entry Domain Admins

Hi, I think at first you have to do a net groupmap add all the well known Groups. System Operators (S-1-5-32-549) -> -1 Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Domain Users (S-1-5-21-3732367786-856876144-3282938955-513) -> -1 Domain Admins (S-1-5-21-3732367786-856876144-3282938955-512) -> -1 Power Users (S-1-5-32-547) -> -1 Domain Guests

Hi, Same problem for me, any clue ? Gana?l. owen@isrl.uiuc.edu@lists.samba.org on 07/31/2003 01:42:21 AM Envoy? par : samba-bounces+ganael.laplanche=edf.fr@lists.samba.org Pour : samba@lists.samba.org cc : Objet : [Samba] groupmember list fails with 3.0.0b3 and LDAP Hi all, I've been working on a PDC with group mapping with Samba-3.0.0Beta3 with OpenLDAP-2.1.22. Things

Hi, i can't delete groupmap in my samba 3.0.12: # net groupmap list Domain Users (S-1-5-21-3984604316-2900431957-2958281145-513) -> products Domain Admins (S-1-5-21-3984604316-2900431957-2958281145-513) -> man Domain Admins (S-1-5-21-3984604316-2900431957-2958281145-512) -> domadmin Domain Users (S-1-5-21-3984604316-2900431957-2958281145-513) -> domuser # net groupmap delete

I groupapped the domadmins group in linux to ntgroup="Domain Admins" but instead of mapping to the SID number ending in 512 it's creating a new SID number endind in 2025 mapped to domadmins... Does anybody knows why??? It worked in the previous server. This is the command I execute net groupmap add ntgroup="Domain Admins" unixgroup=domadmin If I use the rid=512 option I

I'm about to give up. It's been months now that I've been playing around with Samba 3.0. I've downloaded their documentation. Tried to follow it as much as possible, but I'm getting no where with adding machine accounts to a Domain, real fast. I've asked this question a couple of times at the Samba Mailing list, but have gotten no reply(probably my fault, not enough info).

Hey. I'm trying to move my existing MS-AD over to SAMBA, the place I'm working for is changing all servers from MS to Debian, but all the clients is still a mixed environment for now. We have MAC, *NIX, and Windows clients, so its imported that everything keeps running in the same or almost the same way as before the change but. When I try to join a Windows Vista Ultimate ore Windows

Hi all, I'm testing group mapping, wondering how It works exactly... I thought Samba was storing a mapping table allowing to retreive infos on Unix/Windows groups in a DYNAMIC way. Unfortunately, group mapping seems to be static, here is what I did : [I'm using Samba b3v3 + LDAP, WITHOUT nss-ldap/pam-ldap/winbind -> everything is stored in my /etc/passwd and /etc/group + in LDAP for