acls on win-side
Thomas Heiligenmann
thomas.heiligenmann at t-online.de
Fri Sep 10 18:01:27 GMT 1999
peter pilsl wrote:
>
>
> thats an interesting idea, but leads me to another problem. I dont have any groups on > domainside cause I dont know how to define it in
> smb.conf. the suggested
> domain group map,local group map,domain user map - parameters does not work any more in > 2.05a. and there is no
> documentiation for the new announced domain admin users, domain groups ....
>
> for now
> net localgroup /domain
> just leads into an error-message.
>
Oops, something wrong with your permissions ie. no admin rights for your
domain account on the nt wkstn or vice versa or both ??? It works for
me, however I've added my samba_domain\joeuser to the local Admins group
on the nt wkstn !
net localgroup /domain then shows up the "local groups on the PDC":
*Account Operators *Administrators *Backup Operators
*Guests *Power Users *Print Operators
*Replicator *System Operators *Users
Like with a "real" MS NT server these groups IMHO make no sense for
domain administration, I think in 2.0.5a they are just show up for the
sake of some compatibility issues...
The "global groups" in the domain are more interesting,
net group /domain should return *Domain Admins on a 2.0.5a PDC
As I understood from the docs that's the only domain group available in
Samba 2.0.xx and _all_ users belong to it by default (tell me if I'm
wrong), so better don't try to add this group to your local admins. I
haven't checked the domain group support in 2.1.xx yet, maybe there's
exectly what we need :-)
However, with 2.0.5a you can add single Samba domain members to local
groups on the nt wkstn using the local user manager (it didn't work
with net localgroup on my site), but that's certainly no solution for
a great amount of domain user accounts...
Cheers,
Thomas
More information about the samba-ntdom
mailing list