new smb.conf option

Gerald Carter gcarter at valinux.com
Fri Oct 6 22:23:42 GMT 2000


Jean Francois Micouleau wrote:
> 
> general overview of groups:
> 
> wks: local groups only
> member: local groups only
> pdc: local and domain groups.
> 
> - domains groups are also known as aliases groups.

No I remember now.  Local and aliases are the same
category on a PDC. 

> - a local group can contain users and domain groups.
> 
<snip...>
> My short term idea is that it would be usefull 
> for people who wants to grant privs to a group of users.
> 
> As a sidenote, I know 1 real case where that's a problem 
> for a friend currently: IIS running on a NT member server 
> of a samba domain. IIS runs as a service and thus 
> have only access to local groups, as our groups are
> not domain groups, he can't grant domain users 
> access to IIS.

I see now.  However for simplicity sake, would it be better
to fix the domain member group mapping code and use that
to implement this.

For example, assume that a samaba member server sets 
up the following mapping table

	sysadmin	  : "Domain Administrators"
	students, faculty : "Domain Users"

Now if this were a member server as I said, the
right hand side would be valid group names on
the PDC.  

If this were configured on a Samba PDC, then the
mapping simply presents a rename, but I like the idea
of being able to map multiple UNIX groups
to a single domain group.  Only groups listed
are considered to be domain groups.  All other in
/etc/group or NIS are ignored.

Now for another point of clarification, is it the case
that local groups on a Samba PDC are useless and will
never be referenced?

> Sidenote number 2: our handling of groups sucks :-) 
> It's some crappy prototype code.

Preach the truth! :-)

> sidenote  3: yes jeremy, this option would be only 
> valid when samba is the PDC.

ok.


> Anyway, the idea is that you could give privs to 
> users on workstations by including domain groups 
> in local groups (on the wks).






Cheers, jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com  VA Linux Systems    gcarter at valinux.com
       http://www.samba.org       SAMBA Team           jerry at samba.org
       http://www.eng.auburn.edu/~cartegw

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )




More information about the samba-technical mailing list