new smb.conf option
Gerald Carter
gcarter at valinux.com
Fri Oct 6 22:23:42 GMT 2000
Jean Francois Micouleau wrote:
>
> general overview of groups:
>
> wks: local groups only
> member: local groups only
> pdc: local and domain groups.
>
> - domains groups are also known as aliases groups.
No I remember now. Local and aliases are the same
category on a PDC.
> - a local group can contain users and domain groups.
>
<snip...>
> My short term idea is that it would be usefull
> for people who wants to grant privs to a group of users.
>
> As a sidenote, I know 1 real case where that's a problem
> for a friend currently: IIS running on a NT member server
> of a samba domain. IIS runs as a service and thus
> have only access to local groups, as our groups are
> not domain groups, he can't grant domain users
> access to IIS.
I see now. However for simplicity sake, would it be better
to fix the domain member group mapping code and use that
to implement this.
For example, assume that a samaba member server sets
up the following mapping table
sysadmin : "Domain Administrators"
students, faculty : "Domain Users"
Now if this were a member server as I said, the
right hand side would be valid group names on
the PDC.
If this were configured on a Samba PDC, then the
mapping simply presents a rename, but I like the idea
of being able to map multiple UNIX groups
to a single domain group. Only groups listed
are considered to be domain groups. All other in
/etc/group or NIS are ignored.
Now for another point of clarification, is it the case
that local groups on a Samba PDC are useless and will
never be referenced?
> Sidenote number 2: our handling of groups sucks :-)
> It's some crappy prototype code.
Preach the truth! :-)
> sidenote 3: yes jeremy, this option would be only
> valid when samba is the PDC.
ok.
> Anyway, the idea is that you could give privs to
> users on workstations by including domain groups
> in local groups (on the wks).
Cheers, jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com VA Linux Systems gcarter at valinux.com
http://www.samba.org SAMBA Team jerry at samba.org
http://www.eng.auburn.edu/~cartegw
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
More information about the samba-technical
mailing list