If a user is a simple member of our Unix "domain admins" group, and his primary Unix group is not "domain admins", he has no domain admin rights on a Windows XP client.

In the following setting, the user has no admin rights:

    [maurer@rioja maurer]$ id -a trinkl
    uid=530(trinkl) gid=512(Domain Admins) Gruppen=512(Domain Admins),544(Administrators),700(management),500(itsdgroup)

If I change the primary group of this user to domain admins, the rights on the client are correct. In this setting, the user has admin rights on the client:

    [maurer@rioja maurer]$ id -a trinkl
    uid=530(trinkl) gid=512(Domain Admins) Gruppen=512(Domain Admins),544(Administrators),700(management),500(itsdgroup)

We were using Samba 3.0.1 with LDAP as passdb backend. If you need some logs, give me a note.
Please test 3.0.11 and reopen if necessary. Note that the 'Domain Admins' group has to have a RID of 512.
Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.