Hello Samba people !

Thanks to the great docs available, I was able to setup samba as a PDC in
a few hours. Everything works as I wish, except one thing. As security is
not really a matter in my case, I would like every domain user to be able
to install programs on every domain machine. As I understood, this can be
achieved by adding every domain user in the "Domain Admins" group. Am I
right ? Is there a better way to do this ?

Anyway, after reading groupmapping.html from the howto-collection, I did
this:

net groupmap add ntgroup="Domain Admins" unixgroup=smbadm

eos:~# grep smbadm /etc/group
smbadm:x:1003:toto,root

eos:~# net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-3749086184-651259868-1278831297-3007) -> smbadm
Domain Admins (S-1-5-21-3749086184-651259868-1278831297-512) -> -1
Domain Guests (S-1-5-21-3749086184-651259868-1278831297-514) -> -1
Domain Users (S-1-5-21-3749086184-651259868-1278831297-513) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

But it doesn't seem to work. I notice I now have 2 "Domain Admins" groups.
Maybe that is wrong ? I am not using winbind, as I understood it shouldn't
be mandatory in my case.

By the way, not being very "fluent" in windows, how can I check if the
domain-user "toto" is member of one or another domain-group under winxp ?

Any help or advice greatly appreciated !
Marc

PS: here are the relevant parts on my smb.conf file:

eos:~# smbd -V
Version 3.0.14a-Debian

[global]
workgroup = EDI
interfaces = 172.17.200.3, 127.0.0.1
bind interfaces only = Yes
obey pam restrictions = Yes
passdb backend = tdbsam, guest
name resolve order = wins host lmhosts bcast
time server = Yes
logon script = logon.bat
logon path =
logon home =
domain logons = Yes
os level = 70
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap ssl = no


--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba