[Samba] Re: SAMBA PDC User Permissions, Admin Settings, and Logon?
Brent Torrenga
brent.torrenga at torrenga.com
Wed Feb 26 21:36:36 GMT 2003
I think the administrator group issue is not going to be resolved when we
get real support for mapping groups to windows, isn't it?
"Jason Norred" <jnorred at norredtech.com> wrote in message
news:1046233495.1443.13.camel at localhost.localdomain...
> I'm having a similiar problem on my 2.2.7 PDC. If my users are not
> listed in the domain admin group, then they have very restricted access
> to the windows registry when the login. Most of their programs will not
> work at all. I'm not sure at this point what the solution is. I want to
> see if there is a way to do something like add their DOMAIN user account
> to the LOCAL machines POWER USER group. I'm going to give it a shot in
> the morning.
>
> Do you have your /home issue fixed yet? I would be happy to help you
> with that if you are still having problems.
>
> If anyone has any ideas or suggestions about my registry permissions,
> let me know...
>
> Thanks,
> Jason N.
>
>
>
>
> On Tue, 2003-02-25 at 05:51, richard wrote:
>
> > Hi, Don't know if this is relevant but I read somewhere that including
> > below in [global] makes Samba do strange things? I believe this is a
> > "share" parameter? If this helps please post your results.
> >
> > profile acls = Yes
> >
> > Richard.
> >
> > On Tue, 2003-02-25 at 04:48, Nolan Garrett wrote:
> > > Hi all! First off, I'd like to thank you for the help you've
previously
> > > given me. I'd like to state a few of the problems I am now
experiencing,
> > > and you all can provide insight. I've read all the documentation I can
find
> > > and have surfed the archives for this newsgroup, but to no avail. Any
help
> > > would be greatly appreciated!
> > >
> > > (I am using SAMBA 2.2.7)
> > >
> > > Issue 1: If I don't have every user listed in the admin users =
section that
> > > I want to allow logon access, they cannot log on. I usually get a
domain
> > > unavailable error.
> > >
> > > Issue 2: If I don't set up each user account (w/ domain) on the WinXP
> > > machine I want to logon to, I get some kind of very, very limited
logon. It
> > > almost seems to be corrupted.
> > >
> > > Issue 3: This is my main frustration - I cannot seem to block access
to
> > > other peoples shares! EG user chrisg can access the nolan share, etc.
> > >
> > > Final Issue: Not a big problem, but I can't figure out how to set up
the
> > > CUPS drivers for the pdf-generator.
> > >
> > > Is it a winbind problem, bad config, or am I just a moron?
> > >
> > > Attached is my smb.conf
> > >
> > > # Samba config file created using SWAT
> > > # from gridlock.workgroup.net (192.168.0.5)
> > > # Date: 2003/02/24 18:08:30
> > >
> > > # Global parameters
> > > [global]
> > > netbios name = MAIN
> > > server string = Samba Server %v
> > > encrypt passwords = Yes
> > > passwd program = /usr/bin/passwd %u
> > > passwd chat = *New*UNIX*password* %n\n
*Retype*new*UNIX*password
> > > * %n\n *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n
*p
> > > asswd: *all*authentication*tokens*updated*succesfully*
> > > unix password sync = Yes
> > > log level = 1
> > > log file = /var/log/samba/log.%m
> > > max log size = 50
> > > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
SO_RCVBU
> > > F=8192 SO_SNDBUF=8192
> > > printcap name = cups
> > > domain admin group = @admins
> > > add user script = /usr/sbin/useradd -d /dev/null -g
machines -s /bin
> > > /false -M %u
> > > logon script = %U.bat
> > > logon path = \\main\profiles\%U
> > > logon drive = Z:
> > > logon home = \\main\%U\.profile
> > > domain logons = Yes
> > > os level = 99
> > > domain master = Yes
> > > dns proxy = No
> > > wins support = Yes
> > > winbind uid = 10000-20000
> > > winbind gid = 10000-20000
> > > ; valid users = ahayes root danielleg chrisg rickg nolan
> > > admin users = root nolan chrisg rickg danielleg alyssag
> > > printer admin = nolan root
> > > hosts allow = 192.168.0. 127.
> > > ; profile acls = Yes
> > > printing = cups
> > >
> > > [homes]
> > > comment = Home Directory for %u
> > > read only = No
> > > create mask = 0660
> > > directory mask = 0770
> > > browseable = No
> > > oplocks = No
> > > level2 oplocks = No
> > >
> > > [netlogon]
> > > comment = Network Logon Service
> > > path = /var/lib/samba/netlogon
> > > write list = root nolan
> > >
> > > [profiles]
> > > path = /var/lib/samba/profiles
> > > read only = No
> > > create mask = 0600
> > > directory mask = 0700
> > > guest ok = Yes
> > > browseable = No
> > > csc policy = disable
> > >
> > > [printers]
> > > comment = All Printers
> > > path = /var/spool/samba
> > > printer admin = root nolan
> > > guest ok = Yes
> > > printable = Yes
> > > browseable = No
> > >
> > > [print$]
> > > comment = Printer Drivers
> > > path = /etc/samba/drivers
> > > write list = root nolan
> > >
> > > [pdf-generator]
> > > comment = PDF Generator (only valid users!)
> > > path = /var/tmp
> > > printable = Yes
> > > print command = /usr/share/samba/scripts/print-pdf %s ~%u
\\\\\\\\%L
> > > \\\\%u %m &
> > >
> > > [public]
> > > comment = Public
> > > path = /home/samba/public
> > > read only = No
> > > guest ok = Yes
> > >
> > >
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: http://lists.samba.org/mailman/listinfo/samba
>
> --
> Jason Norred <jnorred at norredtech.com>
> Norred Technical Services
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list