run prog to create policy? + our setup

Gerald Carter cartegw at Eng.Auburn.EDU
Tue Sep 1 13:20:38 GMT 1998

Paul Dekkers wrote:
> Hmm... is it possible with the preexec command too? I'd make 
> at about 700 accounts, and I think the policy file would 
> become too big and it would become to complex to create an 
> entry for each user... So if I can easily copy the data when 
> the group is different to the file... Is it possible that 
> normal users then get the data of an extended user?

Why not setup your [netlogon] share something like this..

		path = /usr/samba/netlogon/%G

This is off the top of my head (and so hasnt't been tested).
Souncds like it should work though.  Then you can keep a
separate policy file for each unix group.

> BTW, are groups not possible under NT or not because SAMBA 
> is unable to deliver the group information?

Samba curently oes not return the group information.  Some
of them are supported ( WELL-KNOWN groups such as "Domain Admins").

> Maybe then serving using an NT server is a better idea, 
> however I'd like to use the passwords from my unix server, and 
> it saves a lot of money when just using an unix box...

You're the only one who can make the decision for your 
site :)

> is 18p10 a good idea, or should I experiment with 2.0.0alpha?

Nope.  You;ll have to go with the alpha code.

> (it's still not possible to use the account information on 
> the unix server with nt isn't it?)

You do still have to keep a separate smbpasswd curently.

Paul, I'm sending this to the samba-ntdom list in case someone
else has some ideas for the Samba PDC setup.

                            Gerald ( Jerry ) Carter	
Engineering Network Services                           Auburn University 
jerry at   

       "...a hundred billion castaways looking for a home."
                                  - Sting "Message in a Bottle" ( 1979 )

More information about the samba-ntdom mailing list