domain users map?

David Bannon D.Bannon at latrobe.edu.au
Tue Dec 22 21:44:29 GMT 1998 

At 02:42 AM 23/12/1998 +1100, Matthew Kirkwood wrote:
>Hi,
>
>I have a domain set up and working quite nicely now, but I need to
>give a couple of users admin rights (mostly so that they can write
>files on their local disks, share printers, etc).
>

As I said in another post, this is on its way to the FAQ, I'm sure Jerry
will do it as soon as he can.

-------------------------------------------
How do I make a Domain Administrator now that the experimental "domain
admin group = X" parameter has been replaced in 2.1 ?

Simplest Version :

Choose a suitable UNIX group, for example the group "adm".

In smb.conf : 
	domain group map = /usr/local/samba/lib/domaingroup.map

In the file /usr/local/samba/lib/domaingroup.map :
	adm="Domain Admins"

In /etc/group, put any user you want to be a "Domain Admin" in the group
"adm".

These users will have Domain Admin rights on the workstations and will, for
example, have Domain Admins policy rules (ie permissions) applied to them.
They can take the workstation out of a domain, remove or edit profiles on
the machine etc.


You can do much more (if you understand differences between local and
domain admins), to create local administrators :
 
Choose a suitable unix group, for example "wheel".

local group map = /usr/local/samba/lib/localgroup.map
In the file /usr/local/samba/lib/localgroup.map put :
	wheel=BUILTIN\Administrators

domain user map = /usr/local/samba/lib/domainuser.map
In the file /usr/local/samba/lib/domainuser.map put :
	root=Administrator

Then run :
	smbpasswd -a root
and tell it your root password.

Then in /etc/group, any users that you want to be local administrators must
be in the group "wheel".

-------------------------

Thanks.

David
------------------------------------------------------------
David Bannon                      D.Bannon at latrobe.edu.au
School of Biochemistry            Phone 61 03 9479 2197
La Trobe University, Plenty Rd,   Fax   61 03 9479 2467
Bundoora, Vic, Australia, 3083    http://bioserve.latrobe.edu.au
------------------------------------------------------------
..... Humpty Dumpty was pushed !

More information about the samba-ntdom mailing list