As usual I’m allways visite my blog to read the manual from samba, because i had always got the problem from samba. So i wrote the documentation, I know I will have to come back here to find it hehehe
The following steps describe how to make Samba PDC users members of the Domain Admins group.
1. Create a UNIX group (usually in /etc/group); let’s call it domadm.
2. Add to this group the users that must be “Administrators”. For example, if you want joe, john, and mary to be administrators, your entry in /etc/group will look like this:
3. Map this domadm group to the “Domain Admins” group by executing the command:
The quotes around “Domain Admins” are necessary due to the space in the group name. Also make sure to leave no white space surrounding the equal character (=).
It is possible to map any arbitrary UNIX group to any Windows NT4/200x group as well as to make any UNIX group a Windows domain group. For example, if you wanted to include a UNIX group (e.g., acct) in an ACL on a local file or printer on a Domain Member machine, you would flag that group as a domain group by running the following on the Samba PDC:
User Default RIDs
|Domain Certificate Admins||517||Group||No|
|Domain Schema Admins||518||Group||No|
|Domain Enterprise Admins||519||Group||No|
|Domain Policy Admins||520||Group||No|
|Builtin Power Users||547||Alias||No|
|Builtin Account Operators||548||Alias||No|
|Builtin System Operators||549||Alias||No|
|Builtin Print Operators||550||Alias||No|
|Builtin Backup Operators||551||Alias||No|
|Builtin RAS Servers||553||Alias||No|
Remote Desktop User (S-1-5-21-2081528928-1204200937-4262487566-1000) -> remotedesk
Accounting (S-1-5-21-2081528928-1204200937-4262487566-1001) -> acct
Domain Admins (S-1-5-21-2081528928-1204200937-4262487566-512) -> ntadmin