NT Group auth for limited areas

Gerald Carter cartegw at Eng.Auburn.EDU
Fri Mar 5 15:50:43 GMT 1999

Brandon Gillespie wrote:
> Hello, we use Samba on our HP servers here at Iomega, and I am trying
> to integrate it with our NT network a little better.  I have it as a
> NT Domain member, and it is doing user authorization just fine.  But
> we have about six different areas used in our production environment
> where people push files onto the HP server from their windows machines
> (through Samba) and oracle picks up the files and does its thing.
> There is already seperate NT Groups for these areas, and I would
> simply like to limit the areas by NT Group, *exactly* like you do a
> unix group.  Is this in the future plans?  I was hoping when I saw
> 'domain groups' that it had to do with this, but a scan of the source
> doesn't seem to say that is what it is for.

What you have to do at the moment is to create unix users 
and group so that samba can get a uid and gid and emumlate
the group permissions from the NT side. See question 6.1 of 
the NTDOM FAQ linked off the Samba site under the documentation 

There are some perl scripts I wrote to help do this.  There 
is a link under that question to download them.  What they do
is create /etc/passwd and /etc/group entries (with the password 
disabled '*' ) that mimic the group membership of the NT domain.

Three steps,

* create the users in /etc/passwd (not user for 
  authentication of course)

* create the necessary groups in /etc/group

* add the users to the appropriate group

The main problem is that UNIX only allows for controlling 
access by one owner, one group and for everyone else.  NTFS
is more flexible.  However, it sounds like this will work 
for you.  Try things out and contact me if you have questions 
about the scripts.  

BTW...I put an entire chapter in my new book about replacing 
an NT file and print server with a Samba box and addressing 
these types of issues.  "Samba Teach Yourself Samba in 24 Hours"
due out in late April if your interested.

                            Gerald ( Jerry ) Carter	
Engineering Network Services                           Auburn University 
jerry at eng.auburn.edu             http://www.eng.auburn.edu/users/cartegw

       "...a hundred billion castaways looking for a home."
                                  - Sting "Message in a Bottle" ( 1979 )

More information about the samba-ntdom mailing list