domain group and local group API needed

Kyle McDonald kjm at
Fri Oct 30 01:28:30 GMT 1998

Hi all.

    I may be about to open my mouth and insert my foot, but here
    it goes anyway.

    I thought I might be a good judge on what the "average user"
    might interpret these options to mean - considering I am
    very new to this whole SAMBA thing...

    so here's my two cents:

    It seems(from my reading so far) that these are the desired
    functionality, even if these are not the current names:

    local user map =
    domain user map =
    local group map =
    domain group map =

    These all seem straight forward so far. they seem to cover all
    of the mapping options needed.

    As for the files, It seems that the desired functionality
    would include: (again some of these may exist, some may not)

    local user file =
    domain user file =
    local group file =
    domain group file =

    Considering that all users have to be in both the unix passwd
    file and the smbpasswd file, I think it might be good to
    follow the same logic with having all the groups in both
    the unix group file and an smbgroup file.

    The confusing part will be when the smbgroup file puts a user
    in one set of groups which map to one set of unix groups, and
    the unix group file puts the user into another (possibly
    overlapping) set of unix groups.

    But I do see the point of letting an administrator get all
    of the functionality of a real NT server.

    The last question remaining seems to be do you really need
    to make the local and domain distinctions in each of these

    In the case of the user and group files, might it not be
    possible to add a field which specified if the user (or group)
    was for the domain or only the local machine?

    In the case of the user and group maps, I'm not sure you even
    need this distinction. Can't a unix group only map to one
    smbgroup? does it matter (during the mapping) if that group
    is local or domain?

    I think (and I might be wrong) that you can't have a local
    users or group with the same name as a domain user or group -
    and if if you can, I don't know if it makes much sense to do
    so. Therefore you should be able to map a unix user or group
    to a SMB user or group with out specifying wether it is local
    or domain... Let the new field, or which ever file it is found
    in determine that.

    This would leave you with:

    user map =
    group map =
    user file =
    group file =

    ( and I might suggest using db instead of file )

    Now, I could be totally off my rocker. and maybe I've missed
    a totally important idea in here somewhere, but This is my
    novice view point of how I would expect these settings to work.

    Just my 2 cents, and even though curiosity killed the cat, I
    would be interested in learning where and why I'm wrong.


-------------------------------ooO( )Ooo-------------------------------
Kyle J. McDonald                 (o o)                 Systems Analyst/
Northeastern University          |||||          Applications Programmer
College of Engineering                          email:  kjm at
360 Huntington Ave. 230SN        \\\//          voice:    (617)373-3361
Boston MA 02115                  (o o)            fax:    (617)373-8504

More information about the samba-ntdom mailing list