Group Memberships & ACL permissions?

Gerald W. Carter cartegw at Eng.Auburn.EDU
Thu Apr 16 14:49:34 GMT 1998

Dana Canfield wrote:
> Sorry to bug everyone again.  Things are really starting to work well
> around here, but I have one more question.  Could someone tell me what
> NT groups you are a member of when validated by a Samba PDC.  I seem to
> have all sorts of problems when I try modifying the read/write
> permissions on the NT Workstation, even using Microsoft's own
> recommendations.  My only guess right now is that users validated over
> the PDC aren't getting to be members of the standard "users" group
> (though "everyone" doesn't seem to be working right, either).

See the domain admins parameter in smb.conf.  By default the user is
included in the user group I think.  I verified this by revoking the
right to shut down a local workstation from "users" and "everyone".  Was
then unable to shut down the machine as a domain user.  Gave the right
back to "Users" and could shut it down again.

> Also, if anyone has a good, general list of how permissions should be
> set on the directories to make a realtively secure, Samba-authenticated
> NT 4.0 installation, I would be most appreciative.

I have a script I use to secure lab machines.  It is constantly
evolving, but I can send it to you directly if you wish.  Don't want to
post it directly to the list here due to space.

                            Gerald ( Jerry ) Carter	
Engineering Network Services                           Auburn University 
jerry at   

       "...a hundred billion castaways looking for a home."
                                  - Sting "Message in a Bottle" ( 1979 )

More information about the samba-ntdom mailing list