Group mappings

David Bannon D.Bannon at latrobe.edu.au
Tue Dec 22 21:37:19 GMT 1998


At 02:22 AM 23/12/1998 +1100, Stefano Colombo wrote:
>I know for sure this is a really dumb question , but I'm in a hurry and
>can't go through al the Samba FAQ .
>So how can I map Groups in a samba server ?
>

This has not made it to the FAQ yet, will be there soon, I am sure.

-------------------------------------------
How do I make a Domain Administrator now that the experimental "domain
admin group = X" parameter has been replaced in 2.1 ?

Simplest Version :

Choose a suitable UNIX group, for example the group "adm".

In smb.conf : 
	domain group map = /usr/local/samba/lib/domaingroup.map

In the file /usr/local/samba/lib/domaingroup.map :
	adm="Domain Admins"

In /etc/group, put any user you want to be a "Domain Admin" in the group
"adm".

These users will have Domain Admin rights on the workstations and will, for
example, have Domain Admins policy rules (ie permissions) applied to them.
They can take the workstation out of a domain, remove or edit profiles on
the machine etc.


You can do much more (if you understand differences between local and
domain admins), to create local administrators :
 
Choose a suitable unix group, for example "wheel".

local group map = /usr/local/samba/lib/localgroup.map
In the file /usr/local/samba/lib/localgroup.map put :
	wheel=BUILTIN\Administrators

domain user map = /usr/local/samba/lib/domainuser.map
In the file /usr/local/samba/lib/domainuser.map put :
	root=Administrator

Then run :
	smbpasswd -a root
and tell it your root password.

Then in /etc/group, any users that you want to be local administrators must
be in the group "wheel".

-------------------------

Thanks.

David
------------------------------------------------------------
David Bannon                      D.Bannon at latrobe.edu.au
School of Biochemistry            Phone 61 03 9479 2197
La Trobe University, Plenty Rd,   Fax   61 03 9479 2467
Bundoora, Vic, Australia, 3083    http://bioserve.latrobe.edu.au
------------------------------------------------------------
..... Humpty Dumpty was pushed !


More information about the samba-ntdom mailing list