[Samba] XP user priviledges with Samba

Jim Durham jimd at nepinc.com
Thu Oct 3 18:25:01 GMT 2002 

On Thursday 03 October 2002 02:00 pm, Bradley W. Langhorst wrote:
> On Thu, 2002-10-03 at 13:12, Jim Durham wrote:
> > A couple of questions:
> >   I'm having trouble understanding terminology regarding the "group"
> >   that you are referring to. Are you saying to create a new unix group
> >  called "admins" and add the user to it? Or is this the local admin group
> >  on the XP box?
>
> i'm referring to lots of groups...
> I don't know what the best implementation for your site is...
> If it is a small site or turnover of workstations is low and you don't
> need regular users to have admin priveledge on all the machines then you
> can simply add the samba user to the local Admins group on every
> workstation.
>
> If you need to be able to manage the list of local admins globally then
> you should
> -create a unix group local_admins
> -add all the users...
> -set up a mapping between the samba group "Domain Admins" and your
> local_admins (look up Domain Admin in smb.conf's manual)
> -then on the workstations - add the Domain Admins group to the local
> Admins group using the XP usermanager...
>
> >   Would you recommend upgrading to samba 3?
>
> no
>
> > I've got another issue
> >   regarding BDC on a different subnet that doesn't seem to work properly
> >   with XP and I'm wondering if samba 3 would handle that better. The
> >   BDC gets its machine ID file and it's smbpasswd, etc/passwd,
> > /etc/master. passwd and the password databases from the master, but
> > occasionally you suddenly can't log in from the machines on the subnet
> > where the BDC lives. I think it's when the network latency between the
> > main site and the remote LAN is bad. Killing domain logons on the BDC
> > fixes it. Perhaps that  is a reason to consider samba3?
>
> It sounds to me like you need a replicated ldap server on the bdc - that
> way the BDC will still work if the link goes down.
>
> brad
 I'm just adding each user to the admins group. We don't
have that much turnover.

I'm interested in the ldap thing. I use LDAP for local address books here,
so I have one server on line.

Thanks much.
-Jim

More information about the samba mailing list