Hi Felipe, thanks for you reply.
Once LDAP reports the user is present in the group, the system should do the rest. :)
I'll try that.
If this isn't possible, is there a way to map more than one group to the rid=512 (ntgroup="Domain Admins")?
That's also possible, you should use 'net groupmap'
I tried that already, but he keeps telling me that the ntgroup is already mapped (to another group).
At the moment, as a workaround, I created an LDAP-User and add him to the local Administrator group on every Win7 machine. So at least I can use LDAP to change the password, etc.
Regards, Denis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba