[Samba] User problems with Samba 2.2.3

Peter Erickson redlamb at redlamb.net
Wed Apr 3 22:35:03 GMT 2002

On Wed, Apr 03, 2002 at 05:11:27PM -0600, Thomas Klettke said:
> > I have a problem that im not too sure if its a samba issue or something
> else. I am in the process of
> > converting my Win2k server to a samba server. The restrictions on the
> machines here are really lose and we > allow the users to install onto their
> machines... the only thing that they arent allowed to do is any of
> > the the admin type things, such as adding users, etc. My problem is that
> none of the normal users (ones
> > that arent listed in the domain admin group) are able to install anything
> or change other things. I
> > thought that it might have to do with NT groups, but by everything that I
> have seen, Samba 2.2.3 doesnt
> > really have NT groups. Does anyone have any ideas on how to fix this?
> Peter,
> What I understand from your description is that you have the users setup on
> your current Win2k server (PDC?)as local administrators ("... we allow the
> users to install onto their machines ..."). If you want the same privileges
> for them on your Samba-controlled domain you would have to create a similar
> group on that new domain controller.
> Another possible scenario could be that you have changed the local policy on
> each NT/W2k workstation to give users additional privileges. In this case
> you would have to do the same modifications for the users of the new domain.
> You didn't specify which kind of security you were using previously, e.g.
> was that Win2k server a domain controller for your workstations, or was the
> security maintained on each machine individually with local accounts?

Sorry, I guess I didnt add enough info for you. I did this awhile ago and dont have notes in front of my so bear with me, Im trying to remember. When i originally setup the users that allowed them to i nstall, I created a new group that allowed everything pretty much (kinda like Administrators, but without somethings) a nd another 4 groups or so (divided among the postions in the company) and changed what they can and cant do through the domain policies that they download. For the users, i then added each user to the group like admins, and the group depend ing on the position in the company. The 4 groups, blocked what i didnt want them to do and everything worked fine. None of the users were setup in local groups.  It was all from a domain perspective. You mentioned something about creating a s imilar creating a similar group on that new samba domain controller; if i did this, how would i setup the security (what they can and can't do) with respect to the group?

I have the samba server setup with user security and the win2k server was a doma
in controller for the domain.
Thanks for the response.


More information about the samba mailing list