domain group and local group API needed

Luke Kenneth Casson Leighton lkcl at
Thu Oct 29 23:03:04 GMT 1998

On Thu, 29 Oct 1998, Jeremy Allison wrote:

> Luke Kenneth Casson Leighton wrote:
> > 
> > ok, this is what i have so far:
> > 
> > "local group map = "
> > "domain group map = "
> > the group map has the same format as "map username".
> > 
> Looks good....
> > "smb group file = " (default is /usr/local/samba/private/smbgroup)
> > 
> > smbgroup is the same format as /etc/group, except that you specify nt
> > groups in here not unix groups.
> > 
> Is this the PDC "Domain Groups" database ?


> If so can
> we call it "domain group file" instead of "smb group
> file". That way, people know that it only has meaning
> when you're using Samba as a PDC.

that would confuse the issue.  a user's groups is a list of RIDs.  those
RIDs can be either local groups or domain groups.  a name of "domain group
file" would imply that it is not possible to have users in local groups.

plus, if we name it "domain group file" then we really need "smb password
file" to be renamed "domain password file".

plus, in the case of when you are a member of a domain, this option still
has relevance (and so does the "smb password file").

in this case:

- the smb passwd file becomes a list of local accounts
- the smb group file can contain only local groups (no domain groups).

because the samba server (as a member of a domain) is still responsible
for its own "local SAM".

so, i am tired.  i can think of lots of reasons why naming it "domain
group file" is a confoosing thing: do you, or anyone else, have any


More information about the samba-ntdom mailing list