domain group and local group API needed
Kyle McDonald
kjm at coe.neu.edu
Fri Oct 30 01:28:30 GMT 1998
Hi all.
I may be about to open my mouth and insert my foot, but here
it goes anyway.
I thought I might be a good judge on what the "average user"
might interpret these options to mean - considering I am
very new to this whole SAMBA thing...
so here's my two cents:
It seems(from my reading so far) that these are the desired
functionality, even if these are not the current names:
local user map =
domain user map =
local group map =
domain group map =
These all seem straight forward so far. they seem to cover all
of the mapping options needed.
As for the files, It seems that the desired functionality
would include: (again some of these may exist, some may not)
local user file =
domain user file =
local group file =
domain group file =
Considering that all users have to be in both the unix passwd
file and the smbpasswd file, I think it might be good to
follow the same logic with having all the groups in both
the unix group file and an smbgroup file.
The confusing part will be when the smbgroup file puts a user
in one set of groups which map to one set of unix groups, and
the unix group file puts the user into another (possibly
overlapping) set of unix groups.
But I do see the point of letting an administrator get all
of the functionality of a real NT server.
The last question remaining seems to be do you really need
to make the local and domain distinctions in each of these
settings.
In the case of the user and group files, might it not be
possible to add a field which specified if the user (or group)
was for the domain or only the local machine?
In the case of the user and group maps, I'm not sure you even
need this distinction. Can't a unix group only map to one
smbgroup? does it matter (during the mapping) if that group
is local or domain?
I think (and I might be wrong) that you can't have a local
users or group with the same name as a domain user or group -
and if if you can, I don't know if it makes much sense to do
so. Therefore you should be able to map a unix user or group
to a SMB user or group with out specifying wether it is local
or domain... Let the new field, or which ever file it is found
in determine that.
This would leave you with:
user map =
group map =
user file =
group file =
( and I might suggest using db instead of file )
Now, I could be totally off my rocker. and maybe I've missed
a totally important idea in here somewhere, but This is my
novice view point of how I would expect these settings to work.
Just my 2 cents, and even though curiosity killed the cat, I
would be interested in learning where and why I'm wrong.
-Kyle
--
_
-------------------------------ooO( )Ooo-------------------------------
Kyle J. McDonald (o o) Systems Analyst/
Northeastern University ||||| Applications Programmer
College of Engineering email: kjm at coe.neu.edu
360 Huntington Ave. 230SN \\\// voice: (617)373-3361
Boston MA 02115 (o o) fax: (617)373-8504
-------------------------------ooO(_)Ooo-------------------------------
More information about the samba-ntdom
mailing list