User Manager for Domains
cartegw at Eng.Auburn.EDU
Wed Apr 29 13:05:21 GMT 1998
Luke Kenneth Casson Leighton wrote:
> then that implies that you are using an nt server to add nt
> workstation users to an nt domain, does it not? which means that
> samba is not involved in any way.
> if you are using usrmgr.exe on an nt domain to add samba domain users,
> then this is not possible as this requires a trust relationship to be
> established between the nt domain and the samba domain, which has not
> been investigated.
I think what David is saying is that he has a NT server which is
prividing RAS service for users. Once someone dials into the RAS
server, it contacts the PDC to authenticate and the user must be a
member of the "Modem Group" to be validated.
Don't think what we are discussing has anything to do with trust
relationships. Also this would imply that the NT group mapping was in
place so that you could use User Mgr to add users to group.
BTW...I haven't had a chance to dig into this but how does NT handle
membership in multiple groups? For example, in unix you have a primary
group and then secondary groups. Since the smbpasswd has no GID in the
user's entry, how will this work? Also, after looking at the
name_to_rid() function you mentioned previsouly, I am assuming that the
user credentials you pass back only contain one group RID (gid + 1000).
Does an NT server pass back the information in the same way or is there
a structure containing all the groups of which the user is a member?
I have been meaning to look through the header files for the structures
and stuff but....
BTW again....I got a bounced message from your new e-mail address
yesterday. Figured this was the best way to let you know.
David, I don't believe that the granularity / control of NT groups which
you need is implemented.
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry at eng.auburn.edu http://www.eng.auburn.edu/users/cartegw
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
More information about the samba-ntdom