Your Passwd has expired .....

Tim Winders twinders at SPC.cc.tx.us
Fri Dec 4 16:25:02 GMT 1998


On Fri, 4 Dec 1998, Luke Kenneth Casson Leighton wrote:

> On Fri, 4 Dec 1998, Tim Winders wrote:
> 
> > On Fri, 4 Dec 1998, David Bannon wrote:
> > 
> > > At 04:03 PM 03/12/1998 +0000, Luke Kenneth Casson Leighton wrote:
> > > 
> > > >> Further, and unrelated (?), 'log on' is not permitted if the user is
> > > >> mentioned in a group that is mentioned in the local.map, fine for everyone
> > > >> else.
> > > >
> > > >oh?? just "in a group", or if the group is the users' _primary_ group?
> > > 
> > > OK, bit more carefull testing.
> > > If user is a member of a group (say adm) that is mapped to
> > > "Administrators",  "System Operators" or even "Users", cannot logon. It
> > > does not matter if the (unix)group is the user's primary group or only
> > > mentioned in /etc/group.
> > > 
> > > However, if I map adm=BUILTIN\BlarBlar ie, a non existing NT Group, then
> > > logins occur without problems.
> > > 
> > > Now, _not_ using the map file but using a technique suggested by someone a
> > > week or so ago, add an entry to the /etc/group file thus :
> > > 
> > > Domain Admins:*:2000:dbannon,tony
> > > 
> > > Works fine ! I can logon with full admin rights. This is not a bad way to
> > > work, but I assume not the way you want to do it.
> > 
> > David -
> > 
> > On my system (Digital Unix 4.0D) I cannot have a group name or user name
> > longer than 8 characters.  At least in the default configuration...  so
> > the above would not work for me...
> > 
> 
> but:
> 
> /etc/group -
> 
> dadmn::20001:root,...
> 
> 
> and group.map:
> 
> dadmn="DOmain Admins"
> 
> _would_ work.
> 
> 

I would guess so.  I have done just that, but haven't tried it out yet...

=== Tim

---------------------------------------------------------------------
|  Tim Winders, CNE, MCSE     |  Email:  Tim.Winders at SPC.cc.tx.us   |
|  Network Administrator      |  Phone:  806-894-9611 x 2369        |
|  South Plains College       |  Fax:    806-897-4711               |
|  Levelland, TX  79336       |                                     |
---------------------------------------------------------------------




More information about the samba-ntdom mailing list