run prog to create policy? + our setup

[Gerald Carter]

Paul Dekkers wrote:
> 
> Hmm... is it possible with the preexec command too? I'd make 
> at about 700 accounts, and I think the policy file would 
> become too big and it would become to complex to create an 
> entry for each user... So if I can easily copy the data when 
> the group is different to the file... Is it possible that 
> normal users then get the data of an extended user?

Why not setup your [netlogon] share something like this..

	[netlogon]
		path = /usr/samba/netlogon/%G

This is off the top of my head (and so hasnt't been tested).
Souncds like it should work though.  Then you can keep a
separate policy file for each unix group.

> BTW, are groups not possible under NT or not because SAMBA 
> is unable to deliver the group information?

Samba curently oes not return the group information.  Some
of them are supported ( WELL-KNOWN groups such as "Domain Admins").

> Maybe then serving using an NT server is a better idea, 
> however I'd like to use the passwords from my unix server, and 
> it saves a lot of money when just using an unix box...

You're the only one who can make the decision for your 
site :)

> is 18p10 a good idea, or should I experiment with 2.0.0alpha?

Nope.  You;ll have to go with the alpha code.

> (it's still not possible to use the account information on 
> the unix server with nt isn't it?)

You do still have to keep a separate smbpasswd curently.


Paul, I'm sending this to the samba-ntdom list in case someone
else has some ideas for the Samba PDC setup.




j- 
________________________________________________________________________
                            Gerald ( Jerry ) Carter	
Engineering Network Services                           Auburn University 
jerry at eng.auburn.edu             http://www.eng.auburn.edu/users/cartegw

       "...a hundred billion castaways looking for a home."
                                  - Sting "Message in a Bottle" ( 1979 )