groups API database

Luke Kenneth Casson Leighton lkcl at
Wed Nov 4 00:16:32 GMT 1998

ok, so the story so far is:

- all domain groups / users parameters have disappeared, to be replaced

"local group map"
"domain group map"

which have the same format as "username map".  at the moment, you can only
have usernames, local groups or domain groups from _your_ domain in these

there will be two options for putting users into groups (which is
independent of the above, which covers nt->unix name mapping issues).

option 1

use /etc/group entries.  you *must* ensure (and in the first version you
will have no choice about this :-) that the unix group (local or domain)
is in _your_ domain: see long message last week for details on why.  if
you add a user to a group that maps to an NT group in a different domain,
an error message will be logged.

if you wish to have a user added to an NT "local group", you will have to
put an entry into "local group map" with the NT name and the UNIX name.
this will inform samba that the unix group represents an NT local group as
far as any NT machines are concerned.

if you wish to have a user added to an NT "domain group", you will have to
put an entry into "domain group map" with the NT name and the UNIX name.
this will inform samba that the unix group represents an NT domain group
as far as any NT machines are concerned.

does anyone have any preferences as to which should be the default?
namely, that if no entry exists (for a unix group that the user is in) in
either "domain group map" or "local group map" the NT group should be
assumed to be of type xyz.  the options are:

\LOCAL_SERVER\domain group (not possible!!!)
\LOCAL_SERVER\local group
\DOMAIN\domain group
\DOMAIN\local group

option 2

suitable for "appliance mode":

there will be a private/smbgroup or similar file, in which you add a list
of domain groups and local groups in the domain that the user belongs to.

there will be a private/domaingroup or similar file, which lists the users
that are in a particular domain.

there will be a private/localgroup or similar file, which lists, in the
format \DOMAIN\group_or_user, the members in a local group.

domain groups can only contain users in the domain; local groups can
contain SID-RIDs of absolutely anything, anywhere: foreign domains,
groups, users, the works.  it's quite neat.

there will need to be either some maintenance tools or i just get
USRMGR.EXE working properly, to maintain these files.  big "DO NOT EDIT"
notices at the top of them :-)
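
The fall-through question in option 1, worked as an added example that is not part of the original post or of samba's code: it shows how the chosen default decides the NT group type of every unix group that has no map entry, and how a mapping into another domain is rejected. Assumptions: one `unix_group = NT name` entry per line with an optional `DOMAIN\` prefix, the constructed domain EXAMPLEDOM and sample entries, hypothetical function names, and a default restricted to the two \DOMAIN\ options.

```python
MY_DOMAIN = "EXAMPLEDOM"  # constructed name for the server's own domain

# Constructed sample maps (assumed layout: unix_group = NT name, one per line).
LOCAL_GROUP_MAP = r"""
# unix group = NT local group
staff = "Print Operators"
wheel = OTHERDOM\Admins
"""
DOMAIN_GROUP_MAP = r"""
eng = Domain Engineers
"""

def parse_group_map(text):
    """Return {unix_group: nt_name} from 'username map'-style lines."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank or comment line
            continue
        unix_name, sep, nt_name = line.partition("=")
        if sep and unix_name.strip() and nt_name.strip():
            mapping[unix_name.strip()] = nt_name.strip().strip('"')
    return mapping

def resolve(unix_groups, local_map, domain_map, default_type):
    """Classify each unix group; return (resolved, errors)."""
    resolved, errors = [], []
    for group in unix_groups:
        if group in local_map and group in domain_map:
            # Ambiguity check is this example's choice; the post does not cover it.
            errors.append(f"{group}: present in both maps")
            continue
        if group in local_map:
            gtype, nt_name = "local", local_map[group]
        elif group in domain_map:
            gtype, nt_name = "domain", domain_map[group]
        else:
            gtype, nt_name = default_type, group  # no entry: apply the default
        domain, sep, name = nt_name.rpartition("\\")
        if sep and domain.upper() != MY_DOMAIN.upper():
            errors.append(f"{group}: maps to {nt_name}, outside {MY_DOMAIN}")
            continue
        resolved.append((group, gtype, f"{MY_DOMAIN}\\{name}"))
    return resolved, errors

if __name__ == "__main__":
    maps = parse_group_map(LOCAL_GROUP_MAP), parse_group_map(DOMAIN_GROUP_MAP)
    for default in ("local", "domain"):
        print(default, resolve(["staff", "eng", "wheel", "games"], *maps, default))
```

With the same /etc/group membership, the unmapped group `games` comes out as a local group under one default and a domain group under the other, so the default is an access-control decision for every group an administrator has not listed.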
