groups API database

Greg Dickie greg at discreet.com
Wed Nov 4 01:33:35 GMT 1998



Sounds very cool... coming soon to a cvs tree near you?

Greg



On 04-Nov-98 Luke Kenneth Casson Leighton wrote:
> ok, so the story so far is:
> 
> - all domain groups / users parameters have disappeared, to be replaced
> with:
> 
> "local group map"
> "domain group map"
> 
> which have the same format as "username map".  at the moment, you can only
> have usernames, local groups or domain groups from _your_ domain in these
> files.
> 
> 
> there will be two options for putting users into groups (which is
> independent of the above, which covers nt->unix name mapping issues).
> 
> option 1
> --------
> 
> use /etc/group entries.  you *must* ensure (and in the first version you
> will have no choice about this :-) that the unix group (local or domain)
> is in _your_ domain: see long message last week for details on why.  if
> you add a user to a group that maps to an NT group in a different domain,
> an error message will be logged.
> 
> if you wish to have a user added to an NT "local group", you will have to
> put an entry into "local group map" with the NT name and the UNIX name.
> this will inform samba that the unix group represents an NT local group as
> far as any NT machines are concerned.
> 
> if you wish to have a user added to an NT "domain group", you will have to
> put an entry into "domain group map" with the NT name and the UNIX name.
> this will inform samba that the unix group represents an NT domain group
> as far as any NT machines are concerned.
> 
> does anyone have any preferences as to which should be the default?
> namely, that if no entry exists (for a unix group that the user is in) in
> either "domain group map" or "local group map" the NT group should be
> assumed to be of type xyz.  the options are:
> 
> \LOCAL_SERVER\domain group (not possible!!!)
> \LOCAL_SERVER\local group
> \DOMAIN\domain group
> \DOMAIN\local group
> 
> 
> option 2
> --------
> 
> suitable for "appliance mode":
> 
> there will be a private/smbgroup or similar file, in which you add a list
> of domain groups and local groups in the domain that the user belongs to.
> 
> there will be a private/domaingroup or similar file, which lists the users
> that are in a particular domain.
> 
> there will be a private/localgroup or similar file, which lists, in the
> format \DOMAIN\group_or_user, the members in a local group.
> 
> domain groups can only contain users in the domain; local groups can
> contain SID-RIDs of absolutely anything, anywhere: foreign domains,
> groups, users, the works. it's quite neat.
> 
> 
> there will need to be either some maintenance tools or i just get
> USRMGR.EXE working properly, to maintain these files.  big "DO NOT EDIT"
> notices at the top of them :-)
> 
> 

----------------------------------
Greg Dickie
just a  guy*
*from Discreet Logic
----------------------------------
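
Added example (not part of the thread and not Samba code): a sketch of how option 1 could resolve a user's /etc/group memberships through "local group map" and "domain group map", including the open question of the default type for unmapped groups. Assumptions: the `unix_group = NT name` line syntax is taken from smb.conf's "username map", a `DOMAIN\name` qualifier is allowed on the NT side, and the domain `EXAMPLE`, the sample files and all function names are constructed.

```python
import re

MY_DOMAIN = "EXAMPLE"  # constructed domain name

LOCAL_GROUP_MAP = r'''
# constructed sample; assumed format: unix_group = NT name
wheel = Administrators
ops   = "Backup Operators"
'''
DOMAIN_GROUP_MAP = r'''
; constructed sample
staff  = "Domain Users"
admins = "EXAMPLE\Domain Admins"
guests = "OTHERDOM\Domain Guests"
'''

def parse_group_map(text, kind, errors):
    """Parse one map file into {unix_group: (kind, nt_name)}."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        unix, sep, rhs = line.partition("=")
        names = [q or w for q, w in re.findall(r'"([^"]*)"|(\S+)', rhs)]
        if not sep or not unix.strip() or not names:
            errors.append(f"{kind} group map line {lineno}: malformed entry")
            continue
        dom, _, name = names[0].rpartition("\\")  # only the first NT name is used
        if dom and dom.strip("\\").upper() != MY_DOMAIN:
            # per the post: a mapping to an NT group in another domain is logged
            errors.append(f"{kind} group map line {lineno}: {names[0]} is not in {MY_DOMAIN}")
            table[unix.strip()] = (kind, None)  # choice made here: reject, no fallback
            continue
        table[unix.strip()] = (kind, name)
    return table

def nt_groups_for(unix_groups, local, domain, default_kind="local"):
    """Map a user's unix groups to (kind, NT name) pairs."""
    out = []
    for g in unix_groups:
        # explicit entries win; an unmapped group gets the configurable default type
        kind, name = domain.get(g) or local.get(g) or (default_kind, g)
        if name is not None:  # skip groups whose mapping was rejected
            out.append((kind, name))
    return out

def demo():
    errors = []
    local = parse_group_map(LOCAL_GROUP_MAP, "local", errors)
    domain = parse_group_map(DOMAIN_GROUP_MAP, "domain", errors)
    groups = ["wheel", "staff", "admins", "guests", "users"]
    return nt_groups_for(groups, local, domain), errors
```

The `default_kind` argument is where the default asked about in the post would be set: it decides what NT group type a unix group becomes when neither map lists it.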


More information about the samba-ntdom mailing list