PDC Group based restriction, migrating from W2K to Samba.

Sean null-samba at tfh.ca
Mon Aug 18 01:56:08 GMT 2003

This probably has been asked before but I've not yet found a decent
answer. At my work place we have an existing Windows network and are
slowly converting our W2K file servers to FreeBSD (for performance
issues).  We've had to stop the conversion as a few servers use group
based access control to certain directories.

Most of the file server shares are set up 'free for all' so it doesn't need
to converse with the NT4 PDCs at all.  Is there a relatively simple way
to let us control folder access?  We are not using anything complicated
right now just setting up a folder on a file server and directly 'sharing'

The solution I've found so far was to create accounts for everybody on
all the file servers (this would be an administrative nightmare) but I've
not seen anything regarding how to deal with PDC based groups.

We don't really care about authenticating on the servers just restricting
access by group membership.  In fact we don't want anyone logging into
them (except administration) in any way.  Group based restrictions are
becoming more and more important at my company with new projects being
locked down to users that are working on them.

I also wonder if it is possible to control group membership on a
particular server from a Windows terminal (as domain Administrator)?

As for versions the file servers are using FreeBSD 4.5 and the version of
Samba that came with the release distribution.  The Windows file servers are
using Windows 2000 Professional or Advanced Server and the two PDCs are using

I'd really like to solve this problem but I don't know much about Windows
domains and how Samba deals with them.  Any suggestions or pointers to
documents which may help on this problem specifically?


