Changes in Samba 2.0

Luke Kenneth Casson Leighton lkcl at
Tue Sep 15 18:30:47 GMT 1998

> These have been discussed to some extent
>       domain controller = 

redundant, being removed.

>       domain sid = 

redundant, being removed.

>       machine password = 

clueless.  presumably this is the initial "workstation trust account"
password.  it should not be called "machine password".  see ACB_WKSTRUST.

> 	and
>       security = domain

this makes samba join an nt domain, just like an nt workstation.  it then
uses "dce/rpc Network LsaSamLogon" passthrough authentication instead of
the stupid "CIFS" passthrough authentication.

> These haven't.
>       domain groups = 
>       domain admin group = 
>       domain guest group = 
>       domain admin users = 
>       domain guest users = 

these are to be replaced with a better system.

>       groupname map = 

this is part of the better system, and will be equivalent to "map
username" but for NT<->unix groups instead of NT<->unix users.

> Can anyone tell me what the basic intention of these are?

the intention is to provide mapping for unix groups to NT "local groups",
a.k.a NT "aliases", and to provide mapping for unix groups to NT "domain

yes, these two _are_ different, and it is important to distinguish between
them at the NT/Samba level.  even if unix really knows nothing about the
difference [between aliases and groups], at least it can be made to look
like it does :)


More information about the samba-technical mailing list