domain groups information & observation

[Andrew Perrin - Demography]

Hmm.  domain groups = admins sounds suspiciously like I'll need to have a
group on the unix side called admins... right?  Otherwise how will NT know
who belongs to that group?

---------------------------------------------------------------------
Andrew J. Perrin - aperrin at demog.berkeley.edu - NT/Unix Admin/Support
Department of Demography    -    University of California at Berkeley
2232 Piedmont Avenue #2120  -    Berkeley, California, 94720-2120 USA
http://demog.berkeley.edu/~aperrin --------------------------SEIU1199

On Fri, 8 May 1998, Luke Kenneth Casson Leighton wrote:

> On Fri, 8 May 1998, Jeremy Allison wrote:
> 
> > Andrew Perrin - Demography wrote:
> > > 
> > > 1.) I'd be interested in any advice about using the domain groups stuff in
> > > smb.conf -- specifically, how to map a unix group to an nt group (even
> > > just unix:ntusers -> users and unix:ntadmins -> Administrators).  Has
> > > anyone successfully done this?
> > > 
> > 
> > That's something that needs work on in the code. It's on my
> > todo list but it may take a couple of weeks to get to it (I
> > need to fix the username map code first).
> 
> is it on dana canfield's TODO list?
> 
> no it isn't.  dana, can you put "add a 'map groupname' smb.conf parameter
> which does what map username does, but for unix->nt groups, instead?" on
> the "medium priority" TODO list?
>  
> > Hmmmm. I'm not a profiles expert (but I know a man who is :-).
> > 
> > Luke ..... comments ?
> 
> wheuuur!  what???  woke me up, there, for a minute.  yes, we may have a
> bit of confusion where all users in "domain admin users" get mapped to the
> same RID...
> 
> hm.  i seem to have made a mistake.  it is used in two places.  one is in
> "name_to_rid()" where this converts _user_ RIDs to DOMAIN_USER_RID_ADMIN,
> and also in "get_domain_user_groups()" where this converts _group_ RIDs to
> DOMAIN_GROUP_RID_ADMINS.
> 
> oops.
> 
> AH!  try this:
> 
> "domain groups = admins".
> 
> :-)
>