USRMGR.EXE and SAMBA (main branch NOT SAMBA_2_0)

Tim Winders twinders at SPC.cc.tx.us
Wed Dec 2 23:59:20 GMT 1998 

Luke -

I updated my CVS because of the smbpasswd problem and I get an error:

domain user map unknown parameter.  Perhaps there is something not right
yet?  the local group map and domain group map are OK.

=== Tim

---------------------------------------------------------------------
|  Tim Winders, CNE, MCSE     |  Email:  Tim.Winders at SPC.cc.tx.us   |
|  Network Administrator      |  Phone:  806-894-9611 x 2369        |
|  South Plains College       |  Fax:    806-897-4711               |
|  Levelland, TX  79336       |                                     |
---------------------------------------------------------------------


On Thu, 3 Dec 1998, Luke Kenneth Casson Leighton wrote:

> usrmgr.exe now successfully shows:
> 
> - users and what local and domain groups they are in
> 
> - domain groups and what domain users are in them
> 
> - local groups and what local groups, domain groups or domain users are
>   in them.
> 
> this is managed with three new options:
> 
> "domain group map"
> "domain user map"
> "local group map"
> 
> which are documented in smb.conf.  they make unix "look" like NT, while
> still maintaining uid/gid and NT SID integrity on both sides.
> 
> "add", "delete" and "change" are next on the list of things to do, as is
> inter-domain trust relationships.
> 
> i have had unix groups explained to me by mike warfield: apparently the
> unix user primary group need _not_ appear in /etc/group, the user will
> _still_ be in that group: initgroup() takes the primary group as its
> second argument, it adds it to the list of groups returned.
> 
> so, the users' primary group will be missing unless explicitly mentioned
> in /etc/group, until i fix this (two, three days?)
> 
> other issues: NT groups can own files.  why?  because a SID is a SID.
> 
> this implies that if we want the same functionality in Samba that a unix
> userid needs to be created with the same name as a unix group, with no
> unix shell or password.  then this "user", which will represent an NT
> group, will be able to own a file / directory.  samba does not break the
> unix security model, even when it breaks windows as a result: we're not
> about to start, now.
> 
> will keep you all informed.
> 
> luke
> 
>

More information about the samba-ntdom mailing list