Samba-HOWTO-Collection-- some comments/questions on chapter 11 and
Hansjoerg.Maurer at dlr.de
Wed Jul 16 07:20:22 GMT 2003
first of all thank you very much, for your great Sama-Howto-Collection.
It helps very much in configuring samba and understanding the background.
When reading chapter 11 and 12, I had some questions (from my point of
few as a non expert).
If the answers are not to complicated, an if you think, the
questions/comments are usefull, maybe you can include them.
I am trying to configure samba on linux as PDC with nss_ldap für single
sign on on linux and windows.
The connection from ldap and samba works fine.
In the following I try to describe what I am doing in order to fill
ldap with the group and user information.
At some points I am not sure, and maybe these point could be clarifeid
in the docu)
I have a root account in /etc/passwd and groups (lp etc in /etc/group)
-First of all, I am adding posix groups to ldap using gq.
Do I have to add groups like sys, lp to ldap to, in order to map them
to eg. "printer admins" later?
Do I have to use the same GID as in /etc/group or is this not neccessary
and samba reads /etc/groups (with passdb backend ldapsam:...,plain
-I map these groups to exitsing Windows groups with "net groupmap modify
The Built-In Windows Groups (eg Power Users") don't have to be in ldap
-If I add an additional Group (eg. sales) I have to add it as posix
group to ldap
and add it with "net groupmap add ..." to windows.
Is there an algorithmic realtion between the posix GID and the RID of
the group I can/should use
(eg 2*GID + 1001)?
-The I start adding users
Do I have to calculate the rid and the PrimaryGroupID out of the
UIDnumber and the GID with
Is this necessray, in order that the NT-User with RID=2*uidnumber+1000
can access the files of the unix-user with uidnumber?
-Do I have to add the windows users Administrator and guest to the ldap
I want my Domain-Admin-User Administrator be mapped to root.
Do I have to add a User "Adminitsrator" with UID=0 to the ldap?
If I do so, whats about the algorithmic mapping?
2*0+1000 is not the well known RID of the Domain Admin?
Same question with guest?
-Now (finally) I want to add Users with the NT-Usermanager.
Do I have to add the posix "adduser" command to smb.conf
which only fills the posix fields of sambaSAMaccount or do I have to add
a command like from the smbldap tools, which fills the Samba-parts to.
A lot of questions.
Maybe they sound silly, but they occur for me when thinking about how to
make it right.
And maybe they help you, to see, whate strange thoughts user out there
on things, which are totaly clear for you.
Thank you very much
Dr. Hansjoerg Maurer | LAN- & System-Manager
Deutsches Zentrum | DLR Oberpfaffenhofen
f. Luft- und Raumfahrt e.V. |
Institut f. Robotik |
Postfach 1116 | Muenchner Strasse 20
82230 Wessling | 82234 Wessling
Tel: 08153/28-2431 | E-mail: Hansjoerg.Maurer at dlr.de
Fax: 08153/28-1134 | WWW: http://www.robotic.dlr.de/
More information about the samba-technical