[Samba] Windows domain group policies

Gémes Géza geza at kzsdabas.sulinet.hu
Sat Jun 21 18:25:14 GMT 2003 

John H Terpstra írta:

>On Sat, 21 Jun 2003, Thomas Angst wrote:
>
>  
>
>>Hello,
>>
>>first, thanks for that link. I read the chapters 5,7,23 and 24. And I
>>know now, that my question was wrong.
>>What I really want is to tell each client, that this user is an
>>Administrator or is member of an other group I created for w2k clients.
>>But all users are per default set to the standard user group. How can I
>>set the membership of specific users to another w2k group?
>>    
>>
>
>Please explain how you would do this in Windows 2000 Advanced Server so
>that I can get an idea of what we need to do to allow this to be done in
>Samba.
>
>  
>
>>But there is another problem now, which I cannot solve and it seems I am
>>not alone with it.
>>To use policies, Samba has to run as a PDC. And the clients should be
>>registred on it. And there is the problem. After I changed the parameter
>>add user script to add machine script (maybe you should more emphasise
>>in your document, that it has changed) I can now join a machine to the
>>domain.
>>After an on the fly joining there is an entry in /etc/passwd and in
>>/etc/samba/smbpasswd is it too.
>>But, after the necessary reboot on the client (w2k SP3) I will get the
>>error message:
>>computer account is not trusted (translated, I am using a german version
>>of w2k)
>>
>>And with Samba versions 2.2.X and the same config file (more or less) on
>>the same machine with the same client it is working.
>>Is this a bug in Samba 3.0b?
>>    
>>
>
>This is a bug in samba-3.0.0beta1 it is being fixed.
>
>- John T.
>  
>

Could you tell if are there any workarounds? A patch or something?
Thanx in advance

Geza Gemes

>  
>
>>I'm using:
>>Debian 3.0r1
>>Samba 3.0.0b (Debian unstable)
>>
>>Thomas
>>
>>John H Terpstra schrieb:
>>
>>    
>>
>>>On Fri, 20 Jun 2003, Thomas Angst wrote:
>>>
>>>
>>>
>>>      
>>>
>>>>Hello,
>>>>
>>>>Does anybody have an idea how I can set a group membership to a domain user?
>>>>I don't wan't to set the group membership on each computer one by one.
>>>>And all Windows admins I asked, doesn't have any anticipation how this
>>>>will work, if they don't have a button for click it.
>>>>
>>>>
>>>>        
>>>>
>>>Chapter 23 and 24 of:
>>>
>>>http://samba.org/~jht/NT4migration/Samba-HOWTO-Collections.pdf
>>>
>>>If still not clear then please tell us what to fix. We MUST get this right
>>>before Samba-3 ships.
>>>
>>>- John T.
>>>
>>>
>>>      
>>>
>>    
>>
>
>  
>

More information about the samba mailing list