Samba Fileserver at daily use?
Jay Thomas
jthomas2 at uiuc.edu
Mon Aug 9 02:01:39 GMT 1999
Matthew Keller wrote:
> Doug VanLeuven wrote:
> >
> > Thanks. My specific circumstance is a legacy AIX system where users have
> > been split into initial departmental groups with a umask of 002 and sgid on shared
> > directories so departmental groups can freely read/write files. I can't change this.
> > On the NT side, I have a legacy NT domain where logon scripts run under the
> > permissions of "Domain Users" and need to be applied to everyone authenticated
> > to the domain, but not guests & web users of MS IIS.
> > I'm experimenting with LDAP to define NT groups that are not mapped to any
> > unix group and it seems promising.
> > But I had hoped someone had found a way around the 1024 byte
> > limitation in group lines so we wouldn't have to maintain yet another server.
>
> The standard way around this in UNIX is to break users into subgroups,
> and shove them into the master group. I'll explain.
>
> Let's say you add the users to 'Domain Users', but there are too many
> (example below):
> users:1:person1,person2.....person99999
> You can always add GROUPS to other groups, so you could break it up as
> follows:
> users1:12:person1,person2....person200
> users2:13:person201,person202....person400
> users3:14:person401,.....person500
> .
> .
> .
> users:1:@users1, at users2, at users3......@users9999
>
The way I have traditionally done it is:
users1:14:person1,person2,person3
users1:14:person1,person2,person3
AFAIK this works under HP/UX & RedHat 5.2 but I've noticed under Redhat's check group file
script doesn't like it.
--
Freedom is not free. Free men are not equal. Equal men are not free.
This message Copyright (c) 1999 Jay Thomas
Jay Thomas, jthomas2 at uiuc.edu http://jay.cx
More information about the samba-ntdom
mailing list