USRMGR.EXE and SAMBA (main branch NOT SAMBA_2_0)
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Wed Dec 2 22:56:53 GMT 1998

usrmgr.exe now successfully shows:

- users and what local and domain groups they are in
- domain groups and what domain users are in them
- local groups and what local groups, domain groups or domain users are

this is managed with three new options:

"domain group map"
"domain user map"
"local group map"

which are documented in smb.conf. they make unix "look" like NT, while
still maintaining uid/gid and NT SID integrity on both sides.

"add", "delete" and "change" are next on the list of things to do, as is
inter-domain trust relationships.

i have had unix groups explained to me by mike warfield: apparently the
unix user primary group need _not_ appear in /etc/group, the user will
_still_ be in that group: initgroups() takes the primary group as its
second argument, it adds it to the list of groups returned.

so, the users' primary group will be missing unless explicitly mentioned
in /etc/group, until i fix this (two, three days?)

other issues: NT groups can own files. why? because a SID is a SID.
this implies that if we want the same functionality in Samba that a unix
userid needs to be created with the same name as a unix group, with no
unix shell or password. then this "user", which will represent an NT
group, will be able to own a file / directory. samba does not break the
unix security model, even when it breaks windows as a result: we're not
about to start, now.

will keep you all informed.
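
Added example (not part of the original message and not Samba code): a C sketch of the primary-group gap described above, comparing a scan of group member lists alone with one that also adds the primary gid the way initgroups() does with its second argument. The helper names, the user "alice" and the group file contents are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: alice's primary gid is 100 (staff); staff does not list her. */
static const char SAMPLE_GROUP[] =
    "staff:x:100:\nwheel:x:10:root,alice\naudio:x:29:bob,alice\ngames:x:20:bob\n";

/* Hypothetical helper: gids of groups whose member list names `user`. */
int groups_by_member_list(const char *text, const char *user, int *gids, int max)
{
    size_t ulen = strlen(user);
    int n = 0;
    for (const char *line = text; *line; ) {
        const char *end = line + strcspn(line, "\n");
        const char *f = line;                 /* name:passwd:gid:members */
        for (int i = 0; i < 2 && f; i++)      /* skip name and passwd */
            if ((f = memchr(f, ':', (size_t)(end - f)))) f++;
        const char *m = f ? memchr(f, ':', (size_t)(end - f)) : NULL;
        for (m = m ? m + 1 : end; m < end; ) {
            size_t mlen = strcspn(m, ",\n");
            if (mlen == ulen && !strncmp(m, user, ulen) && n < max) {
                gids[n++] = atoi(f);          /* atoi stops at the ':' */
                break;
            }
            m += mlen + (m + mlen < end);     /* step over the comma */
        }
        line = end + (*end == '\n');
    }
    return n;
}

/* Hypothetical helper: adds the primary gid if absent, as initgroups() does. */
int groups_with_primary(const char *text, const char *user, int primary, int *gids, int max)
{
    int n = groups_by_member_list(text, user, gids, max);
    for (int i = 0; i < n; i++)
        if (gids[i] == primary) return n;
    if (n < max) gids[n++] = primary;
    return n;
}

int main(void)
{
    int g[8];
    printf("member lists only: %d groups\n", groups_by_member_list(SAMPLE_GROUP, "alice", g, 8));
    printf("with primary gid:  %d groups\n", groups_with_primary(SAMPLE_GROUP, "alice", 100, g, 8));
    return 0;
}
```

A group-to-SID mapping built from the first function alone would omit the user's primary group, which is the gap the message describes.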