Domain Admin for Win Boxes from OS X 10.4 server

[cpaul]

Hi,

How do you make a user act as a domain admin in 10.4 server? In 10.3 it was easy to just map the Domain Admin group to a group such as winadmin, but that doesn’t seem to be the case in 10.4. The Domain Admin group doesn’t even exist in the when a net groupmap list is done – Domain User does exist.

Hopefully someone can lend me a hand.

Thanks.

[cpaul]

Josh,

Yep, I thought it would have worked to, (I used it for 10.3) but it fails in 10.4:

arwen:/ chrispaul$ sudo net groupmap modify ntgroup=”Domain Admins” unixgroup=winadmins
Password:
[2005/07/05 23:20:24, 0] pdb_ods.cdssam_getgrnam(2906)
odssam_getgrnam: [0]get_sam_record_attributes dsRecTypeStandard:Groups no account for ‘Domain Admins’!
NT Group Domain Admins doesn’t exist in mapping DB
arwen:/ chrispaul$

When I do a net groupmap list, I get the following (No Domain Admins and excluding groups I created for fileshare purposes):

arwen:/ chrispaul$ sudo net groupmap list
[2005/07/05 23:22:54, 0] pdb_ods.cdssam_setgrpwent(2734)
odssam_setgrpwent: update(0)
[2005/07/05 23:22:54, 0] pdb_ods.cdssam_getgrpwent(2754)
odssam_getgrpwent: entriesAvailable(0) contextData(0x0)
[2005/07/05 23:22:54, 0] pdb_ods.cdssam_getgrpwent(2766)
odssam_getgrpwent: entriesAvailable Take 2(34) contextData(0x237c980)
[2005/07/05 23:22:54, 0] pdb_ods.cdssam_getgrpwent(2754)
odssam_getgrpwent: entriesAvailable(34) contextData(0x237c980)
[2005/07/05 23:22:54, 0] pdb_ods.cdssam_getgrpwent(2766)
odssam_getgrpwent: entriesAvailable Take 2(12) contextData(0x238a670)
[2005/07/05 23:22:54, 0] pdb_ods.cdssam_getgrpwent(2754)
odssam_getgrpwent: entriesAvailable(12) contextData(0x238a670)
[2005/07/05 23:22:54, 0] pdb_ods.cdssam_getgrpwent(2766)
odssam_getgrpwent: entriesAvailable Take 2(38) contextData(0x237c980)
[2005/07/05 23:22:54, 0] pdb_ods.cdssam_getgrpwent(2754)
odssam_getgrpwent: entriesAvailable(38) contextData(0x237c980)
[2005/07/05 23:22:54, 0] pdb_ods.cdssam_getgrpwent(2766)
odssam_getgrpwent: entriesAvailable Take 2(38) contextData(0x238a670)
[2005/07/05 23:22:54, 0] pdb_ods.cdssam_getgrpwent(2754)
odssam_getgrpwent: entriesAvailable(38) contextData(0x238a670)
[2005/07/05 23:22:54, 0] pdb_ods.cdssam_getgrpwent(2766)
odssam_getgrpwent: entriesAvailable Take 2(37) contextData(0x237c980)
[2005/07/05 23:22:54, 0] pdb_ods.cdssam_getgrpwent(2754)
odssam_getgrpwent: entriesAvailable(37) contextData(0x237c980)
[2005/07/05 23:22:54, 0] pdb_ods.cdssam_getgrpwent(2766)
odssam_getgrpwent: entriesAvailable Take 2(24) contextData(0x0)
[2005/07/05 23:22:54, 0] pdb_ods.cdssam_getgrpwent(2754)
odssam_getgrpwent: entriesAvailable(24) contextData(0x0)
Nobody (S-1-0-0) -> nobody
Domain Guests (S-1-5-21-2193022877-2549489024-278606689-514) -> nogroup
System Group (S-1-5-21-100) -> wheel
Local System (S-1-5-18) -> daemon
Kernel Memory (S-1-5-21-102) -> kmem
System (S-1-5-21-103) -> sys
Terminal (S-1-5-21-104) -> tty
System Operators (S-1-5-21-105) -> operator
SMTP Mail (S-1-5-21-106) -> mail
Binary (S-1-5-21-107) -> bin
Users (S-1-5-32-545) -> staff
Print Operators (S-1-5-32-550) -> lp
SMTP Mail Access (S-1-5-21-127) -> postfix
SMTP Mail Posting (S-1-5-21-128) -> postdrop
certusers (S-1-5-21-2193022877-2549489024-278606689-1059) -> certusers
utmp (S-1-5-21-145) -> utmp
uucp (S-1-5-21-166) -> uucp
Dialup (S-1-5-1) -> dialer
Network Config Users (S-1-5-21-169) -> network
HTTP Users (S-1-5-21-170) -> www
MySQL Users (S-1-5-21-174) -> mysql
SSH Users (S-1-5-21-175) -> sshd
QuickTime Streaming (S-1-5-21-176) -> qtss
Mailing List (S-1-5-21-178) -> mailman
Application Server (S-1-5-21-179) -> appserverusr
Administrators (S-1-5-32-544) -> admin
App Server Admins (S-1-5-21-181) -> appserveradm
SPAM Assassin Group 1 (S-1-5-21-183) -> clamav
SPAM Assassin Group 2 (S-1-5-21-183) -> amavisd
Chat Server Group (S-1-5-21-184) -> jabber
xgridcontroller (S-1-5-21-2193022877-2549489024-278606689-1171) -> xgridcontroller
xgridagent (S-1-5-21-2193022877-2549489024-278606689-1173) -> xgridagent
appowner (S-1-5-21-2193022877-2549489024-278606689-1175) -> appowner
windowserver (S-1-5-21-2193022877-2549489024-278606689-1177) -> windowserver
Accessibility Group (S-1-5-21-190) -> accessibility
tokend (S-1-5-21-2193022877-2549489024-278606689-1183) -> tokend
securityagent (S-1-5-21-2193022877-2549489024-278606689-1185) -> securityagent
Guests (S-1-5-32-546) -> unknown
Everyone (S-1-1-0) -> everyone
Authenticated Users (S-1-5-11) -> authedusers
Interactive (S-1-5-4) -> interactusers
Network (S-1-5-2) -> netusers
Terminal Server User (S-1-5-13) -> consoleusers
Creator Owner (S-1-3-0) -> owner
Creator Group (S-1-3-1) -> group
smmsp (S-1-5-21-125) -> smmsp
admin (S-1-5-21-2193022877-2549489024-278606689-1161) -> admin
staff (S-1-5-21-2193022877-2549489024-278606689-1041) -> staff

[cpaul]

Anyone?

[Anonymous]

I too would like an answer to this question.

[Anonymous]

Okay, this is how I did it.

In Workgroup Manager I enabled the inspector/all records (Workspace Manager -> Preferences -> Show “All Records” tab and inspector”) and then I created the group for my Domain Administrators (I called them Domain Admins and left the shortname as the default domainadmins).

Then I went into the All Records section (by clicking on the ‘Bullseye’), selected Groups from the dropdown menu and then clicked on the shortname for my Domain Admins (again in my case domainadmins).

Now, here’s the important part. You want to add a new attribute, click on the button that says as much and then from the dropdown box select the one that says SMBRID, and enter 512 for the text. Hit okay and you’ve just created your Domain Admins group.

[Tamino]

Wow! You don’t know how long I’ve been looking for this!

Only problem. When I join a Windows 2000 Pro / XP Pro Client to the Mac OS X Windows Domain the \Domain Admins group appears in the local Administrators group, however I don’t have rights when I log into the Client as one of the members of that group. I get Access Denied!

Any ideas?

[Author]

Posts