Group Memberships & ACL permissions?
Gerald W. Carter
cartegw at Eng.Auburn.EDU
Thu Apr 16 14:49:34 GMT 1998
Dana Canfield wrote:
> Sorry to bug everyone again. Things are really starting to work well
> around here, but I have one more question. Could someone tell me what
> NT groups you are a member of when validated by a Samba PDC. I seem to
> have all sorts of problems when I try modifying the read/write
> permissions on the NT Workstation, even using Microsoft's own
> recommendations. My only guess right now is that users validated over
> the PDC aren't getting to be members of the standard "users" group
> (though "everyone" doesn't seem to be working right, either).
See the domain admins parameter in smb.conf. By default the user is
included in the user group I think. I verified this by revoking the
right to shut down a local workstation from "users" and "everyone". Was
then unable to shut down the machine as a domain user. Gave the right
back to "Users" and could shut it down again.
> Also, if anyone has a good, general list of how permissions should be
> set on the directories to make a realtively secure, Samba-authenticated
> NT 4.0 installation, I would be most appreciative.
I have a script I use to secure lab machines. It is constantly
evolving, but I can send it to you directly if you wish. Don't want to
post it directly to the list here due to space.
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry at eng.auburn.edu http://www.eng.auburn.edu/users/cartegw
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
More information about the samba-ntdom