R: Group mappings

Gerald Carter cartegw at Eng.Auburn.EDU
Thu Dec 24 05:41:54 GMT 1998


I am uploading it now.  Check the NTDOM FAQ linked 
off the documentation page on the samba site.  See
section 4.  Here's the bulk of it.

Thanks to David Bannon for send it to me. :-)

Hope this helps,
jerry

---------------------------------------------

This has changed in the latest version of the HEAD branch.  The "domain
admin users" and "domain admin group" parameters have gone
away.  See the smb.conf man page for information on 

      * domain group map 
      * domain user map 
      * local group map 

Here are some sample notes...

To put users in the "Domain Admins" group 

      * Choose a suitable UNIX group, for example the group 
        "adm".  Add the following parameter to smb.conf 

       domain group map = /usr/local/samba/lib/domaingroup.map

      * Now create /usr/local/samba/lib/domaingroup.map and add 

       adm="Domain Admins"

      * In /etc/group (or the NIS map), put any user you want to 
        be a "Domain Admin" in the group "adm".  These users 
        will have Domain Admin rights on the workstations and 
        will, for example, have Domain Admins policy rules 
        (ie permissions) applied to them.  They can take 
        the workstation out of a domain, remove or edit 
        profiles on the machine etc. 

To add users to the local Administrator accounts on machines 

      * Add the following parameter to smb.conf 

       local group map = /usr/local/samba/lib/localgroup.map

      * Choose a suitable unix group, for example "wheel" and 
        add the following entry to the loca group map file 

       wheel=BUILTIN\Administrators

      * Then in /etc/group (or the NIS map), any users that you 
        want to be local administrators must be in the 
        group "wheel". 

Now to map NT user accounts to unix accounts 

      * Add the following parameter to smb.conf 

       domain user map = /usr/local/samba/lib/domainuser.map

      * In the file /usr/local/samba/lib/domainuser.map put : 

       root=Administrator

      * Then run

        smbpasswd -a root

      and enter a password.


________________________________________________________________________
                            Gerald ( Jerry ) Carter	
Engineering Network Services                           Auburn University 
jerry at eng.auburn.edu             http://www.eng.auburn.edu/users/cartegw

       "...a hundred billion castaways looking for a home."
                                  - Sting "Message in a Bottle" ( 1979 )




More information about the samba-ntdom mailing list