[Samba] Domain Users and smbldap-useradd
John H Terpstra
jht at Samba.Org
Fri Jul 1 22:01:39 GMT 2005
On Friday 01 July 2005 15:51, Tomasz Chmielewski wrote:
> linuxlady schrieb:
> >>No, users can be in other groups you created, like "somecity",
> >>"firstgroup" etc. - that's why the groups are, right? :)
> >
> > Yes, but do users have to be in the group "Domain Users" for samba to
> > work properly?
It is a good idea to have all users as a member of the "Domain Users" group.
That is typically what happens under NT4. Your users can have any domain
global group as their primary group. That too is a standard practice under
Windows.
The purpose of having all users as a member of the "Domain Users" group is so
that workstation logon access can be controlled using a single domain entity.
For example, you may want to set a policy that only members of the "Domain
Users" group can log on locally. That means that no local accounts can be
used if they are inadvertantly created, and thus avoids potential for
security encroachment and systems misuse.
Cheers,
John T.
>
> no.
> I have users grouped in "CityName1", "CityName2" etc. (users from each
> city are in different groups), and everything works fine.
> Of course, it may depend on your setup - if you have some programs or
> scripts, that require the user to be a member of "Domain Users"... but I
> didn't see such a program (which doesn't mean they don't exist).
>
> > And in practice, is the default group for the user, "Domain Users"?
>
> Depends on which tools you use for adding users, but it would be a
> logical choice.
>
> --
> Tomek
> WPKG - automated software deployment with Samba
> http://wpkg.org
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
More information about the samba
mailing list