2.2.1a user/group issues

Simo Sorce idra at samba.org
Tue Oct 2 07:02:02 GMT 2001


On Mon, Oct 01, 2001 at 03:17:46PM -0700, J. Lucha wrote:
> Inspired by Jerry's talk at LinuxWorld, when my co-worker
> was having difficulty transitioning our PDC to Windows 2000,
> I jumped in and suggested Samba.
> 
> Well..we replaced our NT4 PDC with RH 7.1 running Samba 2.2.1a.
> 
> So far it's going well..but I do want to mention a couple of issues.
> Most of these issues, I've seen mention of in the mailing list,
> but didn't see any concrete replies for solutions or status for future fix.
> 
> 1.)  On a Win98 client, when you create a share, the list
> of domain users is not complete.  I've seen various posts with
> the wide ranges of numbers for the count of users.  I can only see
> the first 97 + Domain Admins + Domain Users + Everyone for a total of 
> 100.  The other posts I saw had a lot fewer, so I guess I should feel 
> lucky.  I suspect it's a character count thing, and since most of my
> accounts are pseudo accounts that are about 3 characters I can get a lot 
> more of them.

I think we have a fix for that in the CVS so it should be fixed for 2.2.2

> 
> 2.)  Jerry, on page 430 of your book, you mention the domain group map
> parameter, but as I see on some other mailing list posts (plus the error 
> logs) that parameter is no longer there.  As is the one for local group 
> map.  I understand that Samba now auto looks at the local /etc/group 
> file and treats those as local NT groups..but the problem I have with 
> that, Is I really need NT Domain Groups, so that I can set a permission
> on another Windows machine by a group instead of individually selecting
> each user (which I can't even do on a Win9x machine anyway because of
> issue #1 above).  Is this a feature that is going to be re-implemented?
> (By the way Jerry, good intro book.  I look forward to a more up-to-date
> version)

yes the management of groups is limited at the time, we are looking to
rewrite a better support for it.


> 
> 3.) When you add a Windows2000 machine to the domain, and it
> prompts for a username/password pair that is authorized to add to the 
> domain, it only accepts root/root's password.  Not a big deal, just on
>   a real NT domain, that prompt usually accepts any username/password
> pair for a domain admin.  Samba doesn't make use of the domain admin 
> group parameter in this case, which caused a little confusion.

As a consequence of group code not beeing yet ok, we do not have
domain admin group so you have to use root account to join w2k
machines.
Anyway we generally suggest to use a different password than the
system one.

Stay tuned we are working on the problems you pointed out.

And thanks for the feedback,
simo.

-- 
Simo Sorce       idra at samba.org
-------------------------------
Samba Team http://www.samba.org




More information about the samba-ntdom mailing list