Samba and NT Domain Group membership.
Mike Harris
mike at psand.net
Thu Dec 2 18:41:48 GMT 1999
Am I correct in believing that Domain Group membership of users in NT makes
absolutely no difference to a Samba server?
For example:
I have a network with an NT PDC, a Samba 2.0.6 server and an NT Workstation.
The Samba server is configured with security=domain and password server=*.
With this setting, the actual user account on the Samba server does not need
to have a password set (as the authentication is passed-through to the NT
PDC) and has it's login shell set to /dev/null for security. Home shares
work fine this way :)
I have a directory called /home/public which is my public share on my Samba
server and an smb.conf snippet for this is:
[public]
path = /home/public
valid users=@users
admin users=@admin
The directory /home/public is user=root, group=users with permissions set to
0750.
In my smbusers file, I have two entries:
users="Domain Users"
admin="Domain Admins"
with the hope that by adding a user account to the Domain Admins group on
the PDC will give it 'passed-through' group access to the share and give the
user super-user access, i.e. write access.
Now this doesn't work, unless I add the user to the admin group in
/etc/group.
This implies that Domain Group membership has absolutely no effect on Samba
as it's only interested in the UNIX group file.
I think I'm completely barking up the wrong tree with this one, but could
someone confirm this is the case for me?
Or is there a way to make this work?
Many thanks in advance,
Mike Harris,
Psand.
More information about the samba-ntdom
mailing list