Changes in Samba 2.0
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Tue Sep 15 18:30:47 GMT 1998
> These have been discussed to some extent
> domain controller =
redundant, being removed.
> domain sid =
redundant, being removed.
> machine password =
clueless. presumably this is the initial "workstation trust account"
password. it should not be called "machine password". see ACB_WKSTRUST.
> and
> security = domain
this makes samba join an nt domain, just like an nt workstation. it then
uses "dce/rpc Network LsaSamLogon" passthrough authentication instead of
the stupid "CIFS" passthrough authentication.
> These haven't.
> domain groups =
> domain admin group =
> domain guest group =
> domain admin users =
> domain guest users =
these are to be replaced with a better system.
> groupname map =
this is part of the better system, and will be equivalent to "map
username" but for NT<->unix groups instead of NT<->unix users.
> Can anyone tell me what the basic intention of these are?
the intention is to provide mapping for unix groups to NT "local groups",
a.k.a NT "aliases", and to provide mapping for unix groups to NT "domain
groups".
yes, these two _are_ different, and it is important to distinguish between
them at the NT/Samba level. even if unix really knows nothing about the
difference [between aliases and groups], at least it can be made to look
like it does :)
luke
More information about the samba-technical
mailing list