[Samba] XP user priviledges with Samba

Bradley W. Langhorst brad at langhorst.com
Thu Oct 3 18:01:01 GMT 2002


On Thu, 2002-10-03 at 13:12, Jim Durham wrote:

> 
> A couple of questions: 
>   I'm having trouble understanding terminology regarding the "group"
>   that you are referring to. Are you saying to create a new unix group
>  called "admins" and add the user to it? Or is this the local admin group
>  on the XP box?
i'm referring to lots of groups...
I don't know what the best implementation for your site is...
If it is a small site or turnover of workstations is low and you don't
need regular users to have admin priveledge on all the machines then you
can simply add the samba user to the local Admins group on every
workstation.

If you need to be able to manage the list of local admins globally then
you should 
-create a unix group local_admins 
-add all the users...
-set up a mapping between the samba group "Domain Admins" and your
local_admins (look up Domain Admin in smb.conf's manual)
-then on the workstations - add the Domain Admins group to the local
Admins group using the XP usermanager...

> 
>   Would you recommend upgrading to samba 3? 
no
> I've got another issue
>   regarding BDC on a different subnet that doesn't seem to work properly
>   with XP and I'm wondering if samba 3 would handle that better. The
>   BDC gets its machine ID file and it's smbpasswd, etc/passwd, /etc/master.
>  passwd and the password databases from the master, but occasionally
>   you suddenly can't log in from the machines on the subnet where the
>   BDC lives. I think it's when the network latency between the main
>   site and the remote LAN is bad. Killing domain logons on the BDC fixes
>   it. Perhaps that  is a reason to consider samba3?

It sounds to me like you need a replicated ldap server on the bdc - that
way the BDC will still work if the link goes down.

brad




More information about the samba mailing list