Why is the Groups blank when adding users to a domain?

anon43345481 · November 8, 2016, 4:00pm

Sounds good. But put in the manual about the missing groups who are not showing, but they are really there though.

GG_jr · November 10, 2016, 9:38am

Hi guys,

I’m still confused regarding Users and Groups, I will explain why and I know you will enlighten me! For this, TIA!

Let’s talk about the “administrator” user account.
Here is written:
“After installing Samba Active Directory, the Users and groups page has one default entry: administrator. This account is granted special privileges on some specific services, such as joining a workstation in Samba Active Directory domain.”

Here is written:
“A user can be added to one or more group from the Users page or from the Groups one.”

Here is written:
"A group of user can be used to assign special permissions to some users or to create email distribution lists.

As for the users, a group can be enabled to some (or all) services.

Tip: For delegating permissions to the Server Manager, use the groups managers or administrators.

Two special groups can be created, the users who belong in one of these groups are granted access to the panels of the Server Manager

_administrators_: Users of this group have the same permissions as the root user.
_manager_s: Users of this group are granted access to the Management section."

After all this from above, I understand that:

a user can be added to one or more group.
if I want that the administrator account (or any other user account) to have root privileges, it must belong to the administrators group.
the administrators group can be created (“Two special groups can be created, …”).

But if I want to create the administrators group, the system tell me that the administrators group already exist. Of course, as @giacomo said here.
How can I add a user, no matter who that user is, to a group if I cannot select and edit that group?

If I check to see to which groups belong the administrator, as @davidep said, I obtain this:

[root@pdc-ad ~]# id -z -n -G administrator@abt.ro | sed 's/\x00/\n/g’
domain users@abt.ro
group policy creator owners@abt.ro
enterprise admins@abt.ro
administrators@abt.ro
domain admins@abt.ro
schema admins@abt.ro
denied rodc password replication group@abt.ro
[root@pdc-ad ~]#

So, the administrator belong to the administrators group. That means that the administrator is root. But is not, as @davidep said here.

As I said: I am confused! Please help!

giacomo · November 14, 2016, 3:39pm

For now, you can’t do it from the web interface. We must implement something, I hope as soon as the final is released. I will try gather more requirements before starting to write it.

A user inside the administrators group is an admin but not root. Currently the administrator account is not mapped to root.
At this time, root is a special account which doesn’t belong to any user provider.

Next weekend, the company will organize an internal hackaton (called NethCamp), I hope we will have time to update the manual which is a bit confusing right now

davidep · December 1, 2016, 5:15pm

We are working on an UI enhancement for the “administrators” group. Also “Domain Admins” will be fixed.

On the contrary the “Domain Users” group is special: every domain user is implicitly member of it, so it cannot be handled by our UI.