Finally figured out the right magic fairy dust to sprinkle of Samba 3 to make Domain Admins work.
Apparently all the domain member systems still think that RID 512 is in the Administrators group, so the trick was to convince Samba 3 that RID 512 should be applied to the old Unix group that we had for domain admins in Samba 2. Apparently, also, the “net groupmap” command can take lots of arguments, so this works:
net groupmap rid=512 ntgroup=”Domain Admins” unixgroup=whatever
And this overrides the algorithmic RID generation for the whatever Unix group, giving it RID 512, and maps it to “Domain Admins” on the domain side.
Posted by Rowan Littell at August 25, 2004 11:22 AM