mknissmbpwdtbl.sh

Benny Holmgren bigfoot at astrakan.hgs.se
Fri May 15 15:06:15 GMT 1998


On Fri, 15 May 1998, Luke Kenneth Casson Leighton wrote:



> this look any good?  totally clooless!
> 
> nistbladm \
>     -D access=og=rmcd,nw= -c \

the -D parameter specifies the default permission for the fields in this
table.

>     -s : smbpasswd_tbl \
>     	name=S,nogw=r \

S means the field is searchable and nogw=w sets the permissions so that
everyone can read the column but nothing else. The default values are
overridden since the = operator is used.

 >     	uid=S,nogw=r \
> 		user_rid=S,nogw=r \
> 		smb_grpid=,nw+r \

nw+r adds read permission for nobody & world to the defalt values. The
result will be owner=rmcd, group=rmcd, world=r, nobody=r
(rmcd means r=read, m=modify, c=create, d=delete)
the difference between nobody and world is that the principals with valid
credentials in NIS+ (ie, valid Secure RPC keys) is in the world group
while not even having valid credentials makes you a nobody.

> 		group_rid=,nw+r \
> 		acb=,nw+r \
> 		          \
>     	lmpwd=C,nw=,g=r,o=rm \
>     	ntpwd=C,nw=,g=r,o=rm \

C tells that this is an encrypted field. nw= sets the persmission for
nobody and world to nothing, read permission for the group and read/modify
for the owner.


> 		                     \
> 		logon_t=,nw+r \
> 		logoff_t=,nw+r \
> 		kick_t=,nw+r \
> 		pwdlset_t=,nw+r \
> 		pwdlchg_t=,nw+r \
> 		pwdmchg_t=,nw+r \
> 		                \
> 		full_name=,nw+r \
> 		home_dir=,nw+r \
> 		dir_drive=,nw+r \
> 		logon_script=,nw+r \
> 		profile_path=,nw+r \
> 		acct_desc=,nw+r \
> 		workstations=,nw+r \
> 		                   \
> 		hours=,nw+r \
> 	smbpasswd.org_dir.`nisdefaults -d`
> 
> nisgrpadm -c smb.`nisdefaults -d`
> 
> nischgrp smb.`nisdefaults -d` smbpasswd.org_dir.`nisdefaults -d`
> 

Hope this helps

 Cheers,


--
Benny Holmgren                                      bigfoot at astrakan.hgs.se
Astrakan Computer Club                                tel. +46-(0)26-183573
Sweden                                "It's not about length, it's shoesize"



More information about the samba-technical mailing list