domain groups and admin users in 2.2

Gerald Carter gcarter at valinux.com
Mon May 7 20:46:33 GMT 2001


After spending some time looking at srv_util.c:get_domain_user_groups()
I have come to a couple of conclusions.  Note that these apply only to 2.2
and only until we get group mapping support done.

I propose that we remove the 'domain admin users' and 'domain guest users'
parameter as these are really ugly hacks which for a rid for a particular
user.  Since there should be a one to one mapping between names and rids,
this is problematic at best.

I also propose that the 'domain admin group' and 'domain guest group'
be renamed to 'domain admins' and 'domain guests' respectively.  For those
that don't know, these two parameters force group membership into "Domain
Admins" or "Domain Guests" for the listed users/groups.  E.g.

	domain admins = root @wheel
	domain guests = nobody @guest

For the sake of backwards compatibility, the smb.conf parser will still
accept the old parameter names, but only the new names will be documented.

Now there is another parameter called 'domain groups' which is a string of
group names which will be added to all users.  This is another hack which
can be left in, but should be removed as soon as a better solution is
available. I really don't like this one.

Comments?






Cheers, jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter at valinux.com
       http://www.samba.org/       SAMBA Team          jerry at samba.org
       http://www.plainjoe.org/                     jerry at plainjoe.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )






More information about the samba-technical mailing list