[Samba] USRMGR.EXE

rruegner robowarp at gmx.de
Fri Dec 5 17:19:30 GMT 2003 

Hi,
good news usrmgr works if you have right conf
and groupmapping with samba 3.01
Store usrmgr on the smbpdc share, and connect with a admin user from
a win domain client machine
here example conf ( but study the man files of parameters )
# Samba config file created using SWAT

# from 127.0.0.1 (127.0.0.1)

# Date: 2003/11/26 19:24:39

# Global parameters

[global]

unix charset = ISO8859-1

display charset = ISO8859-1

workgroup = ROBOWARP

netbios name = SMBPDC

interfaces = lo, eth0

bind interfaces only = Yes

server schannel = Yes

passdb backend = smbpasswd:/etc/samba/smbpasswd

pam password change = Yes

passwd program = /usr/bin/passwd %u

passwd chat = *password* %n\n *password* %n\n *changed*

username map = /etc/samba/smbusers

unix password sync = Yes

log level = 2

syslog = 0

log file = /var/log/samba/%m

name resolve order = wins bcast hosts

time server = Yes

keepalive = 255

socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF

load printers = No

printcap name = cups

add user script = /usr/sbin/useradd -m %u

delete user script = /usr/sbin/userdel -r %u

add group script = /usr/sbin/groupadd -r %g

delete group script = /usr/sbin/groupdel %g

add user to group script = /usr/bin/gpasswd -a %u %g

delete user from group script = /usr/bin/gpasswd -d %u %g

set primary group script = /usr/sbin/usermod -g '%g' '%u'

add machine script = /usr/sbin/useradd -g Machines -c Machine -d
/dev/null -s /bin/false %u

shutdown script = /sbin/shutdown

abort shutdown script = /sbin/shutdown -c

logon script = login.bat

logon path = \\%L\%U\profile

logon drive = Z:

logon home = \\%L\%u

domain logons = Yes

os level = 255

domain master = Yes

wins proxy = Yes

wins support = Yes

wins hook = /usr/share/doc/packages/samba3/examples/wins_hook/dns_update

ldap ssl = no

add share command =
/usr/share/doc/packages/samba3/examples/misc/modify_samba_config.pl

change share command =
/usr/share/doc/packages/samba3/examples/misc/modify_samba_config.pl

delete share command =
/usr/share/doc/packages/samba3/examples/misc/modify_samba_config.pl

utmp = Yes

host msdfs = Yes

idmap uid = 15000-20000

idmap gid = 15000-20000

admin users = root

hosts allow = 127., 10.10.10.

use sendfile = Yes

delete veto files = Yes

veto files =
/*.eml/*.nws/riched20.dll/*.{*}/.AppleDouble/.bin/.AppleDesktop/Network
Trash Folder/.*/

hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/

browseable = No

[files1]

comment = public files

path = /files1

read only = No

guest ok = Yes

browseable = Yes

csc policy = disable

vfs objects = vscan-fprotd, netatalk, audit, recycle:repository,
recycle:keeptree, recycle:versions

[files2]

comment = public files

path = /files2

read only = No

guest ok = Yes

browseable = Yes

csc policy = disable

vfs objects = vscan-fprotd, netatalk, audit, recycle:repository,
recycle:keeptree, recycle:versions

[files3]

comment = public files

path = /files3

read only = No

guest ok = Yes

browseable = Yes

csc policy = disable

vfs objects = vscan-fprotd, netatalk, audit, recycle:repository,
recycle:keeptree, recycle:versions

[homes]

comment = Home Directories

read only = No

csc policy = disable

vfs objects = vscan-fprotd, netatalk, audit, recycle:repository,
recycle:keeptree, recycle:versions

[netlogon]

comment = Netlogon Share

path = /var/lib/samba/netlogon

write list = @ntadmin

csc policy = disable

locking = No

share modes = No

root preexec = /var/lib/samba/netlogon/login.pl %U %G %m %L

vfs objects = vscan-fprotd, netatalk, audit, recycle:repository,
recycle:keeptree, recycle:versions

[tmp]

comment = public files

path = /tmp

read only = No

guest ok = Yes

browseable = Yes

csc policy = disable

a start group mapping maybe

#!/bin/bash

net groupmap modify ntgroup="Domain Admins" unixgroup=root

net groupmap modify ntgroup="Domain Users" unixgroup=users

net groupmap modify ntgroup="Domain Guests" unixgroup=nobody

net groupmap modify ntgroup="Administrators" unixgroup=root

net groupmap modify ntgroup="Users" unixgroup=users

net groupmap modify ntgroup="Guests" unixgroup=nobody

net groupmap modify ntgroup="System Operators" unixgroup=sys

net groupmap modify ntgroup="Account Operators" unixgroup=ntadmin

net groupmap modify ntgroup="Backup Operators" unixgroup=bin

net groupmap modify ntgroup="Print Operators" unixgroup=lp

net groupmap modify ntgroup="Replicators" unixgroup=daemon

net groupmap modify ntgroup="Power Users" unixgroup=sys

this conf fits for suse 9.0 ( 8.2 ) with ther smb pack from ftp.suse.com
people gd

dont forget to create root smbpasswd entry ( smbpasswd -a root )

to have a valid starting admin user

dont do copy and paste this , study man smb.conf so you will find out what
fits to your needs

Best Regards

----- Original Message ----- 
From: "Karel Kulhavý" <clock at twibright.com>
To: <samba at lists.samba.org>
Sent: Friday, December 05, 2003 4:44 PM
Subject: [Samba] USRMGR.EXE


> Hello
>
> Is here anybody who is able to manage his NT4.0 domain on hid Samba 3
> PDC with User Manager for Domains?
>
> Can you please tell me what things must be checked to be sure USRMGR.EXE
> administration (User Manager for Domains aka Domain User Manager) works?
>
> I am unable to make it working and tried already these Samba versions:
>
> 3.0.0
> 3.0.0rc1
> 3.0.0rc2
> 3.0.0rc3
> 3.0.1pre3
> 3.0.1rc1
> 2003-12-04 head
> 2003-12-05 head
>
> Cl<
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list