[Samba] Internet Explorer / Domain Groups

Richard Ssekibuule rkayondo at ics.mak.ac.ug
Thu Nov 6 14:31:51 GMT 2003


I upgraded my PDC to samba 3.0, but am still facing group management problems.
I did group mappings but I can't join computers to the domain using a normal 
user account with admin rights. 
I changed the backend db to tdbsam but I still failed.

The USRMGR.EXE can read contents of my domain, but cannot make any changes to 
it.
1. When I try to enable "User Cannot Change Password" I get the error: "The 
procedure number is out of range"

2. When I try to add users to a group, I get "Incorrect function" & "Group name 
not found" errors.

Grateful for your help.

Richard.


On Thursday 30 October 2003 07:33, Richard Ssekibuule wrote:
> Thanks big time for your advice.
> The solution is clearer now.
> Richard.
>
> On Wednesday 29 October 2003 21:49, rruegner wrote:
> > hi,
> > i am not sure if i understand you in the right way but
> > this is the magic to make squid use transparent
> > #transproxy feature, very cool content filtering can be done with squidguard
> > #iptables -t nat -A PREROUTING -i eth2 -s ! 10.10.10.2 -p tcp --dport 80 -j DNAT --to 10.10.10.2:3128
> > #iptables -t nat -A POSTROUTING -o eth2 -s 10.10.10.0/24 -d 10.10.10.2 -j SNAT --to 10.10.10.2
> > #iptables -A FORWARD -s 10.10.10.0/24 -d 10.10.10.2 -i eth2 -o eth2 -p tcp --dport 3128 -j ACCEPT
> > for sure you have to enable additional stuff in squid.conf and change
> > settings to your need in example above ( study man squid)
> > as you know changing settings for ie i think is only allowed for
> > power users ( but i am not sure at the moment )
> > but in fact if your users can't change it they have no permission too.(win
> > stuff)
> > As i think if you want to give them the permission to change IE settings
> > you have to give them
> > higher prior on their local workstations.( like superuser etc.)......not
> > all users are equal in their needs!
> > But as i remember i had never problem with that, if you store their
> > profiles in their homes on samba.( when i use this old distro setup )
> > But in Version 2.2.5 there is not a valid group mapping between samba /
> > unix to windows,
> > therefore and for other reasons (security) you should upgrade to samba 3 (
> > load it from ftp.suse.com people gd )
> > then you can build a nearly equal nt4 pdc with group mapping
> > match the groups with that bash script
> > #!/bin/bash
> >
> > net groupmap modify ntgroup="Domain Admins" unixgroup=root
> > net groupmap modify ntgroup="Domain Users" unixgroup=users
> > net groupmap modify ntgroup="Domain Guests" unixgroup=nobody
> > net groupmap modify ntgroup="Administrators" unixgroup=ntadmin
> > net groupmap modify ntgroup="Users" unixgroup=users
> > net groupmap modify ntgroup="Guests" unixgroup=nobody
> > net groupmap modify ntgroup="System Operators" unixgroup=sys
> > net groupmap modify ntgroup="Account Operators" unixgroup=ntadmin
> > net groupmap modify ntgroup="Backup Operators" unixgroup=bin
> > net groupmap modify ntgroup="Print Operators" unixgroup=lp
> > net groupmap modify ntgroup="Replicators" unixgroup=daemon
> > net groupmap modify ntgroup="Power Users" unixgroup=sys
> >
> > you can then use USRMGR.EXE to create users, groups etc
> > in my setup this works fine....with nt policies i am able to give
> > different users/groups to different proxies and fine tune the content
> > filtering ie. example adults and kids
> > machine adding on the fly to samba 3 work now too
> > study the new faqs for samba.
> > note that the out of the box version from suse is not valid for a good
> > working pdc
> > ( for 700 users you should use ldap with samba not smbpasswd )
> > Good Luck
> > Best Regards
> >
> > ----- Original Message -----
> > From: "Richard K Ssekibuule" <rkayondo at ics.mak.ac.ug>
> > To: <samba at lists.samba.org>
> > Sent: Wednesday, October 29, 2003 7:11 PM
> > Subject: [Samba] Internet Explorer
> >
> > > I have successfully setup a samba 2.25 PDC on SuSE8.1 for my 700 users.
> > > My problem: These users cannot change their Internet explorer proxy
> > > setting.
> > >
> > > Question: How can I grant rights to change Internet explorer settings
> > > without compromising administrative security?
> > >
> > > My kernel cannot do transparent proxy, but I use squid to schedule
> > > users Internet access.
> > > The server running squid is different from the one running
> > > squid/gateway.
> > >
> > > Thanks in advance.
> > >
> > > Richard.
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  http://lists.samba.org/mailman/listinfo/samba
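
A check that can be run after applying a mapping script like the one quoted above, as an added example that is not part of the original thread: it compares group mappings with the Unix group database and reports mappings to undefined Unix groups, mappings to a gid 0 group, and Unix groups shared by several NT groups. The `NT name (SID) -> unixgroup` line shape is assumed for `net groupmap list` output, and all SIDs and group entries are constructed sample data.

```shell
#!/bin/bash
# Added example (not from the thread): audit Samba group mappings.
# All SIDs and group entries below are constructed sample data.

sample_groupmap() {   # assumed shape of "net groupmap list" output
cat <<'EOF'
Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> root
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> users
Administrators (S-1-5-32-544) -> ntadmin
Users (S-1-5-32-545) -> users
System Operators (S-1-5-32-549) -> sys
Power Users (S-1-5-32-547) -> sys
EOF
}

sample_groups() {     # /etc/group format; ntadmin deliberately absent
cat <<'EOF'
root:x:0:
sys:x:3:
users:x:100:
EOF
}

# audit_groupmap MAPFILE GROUPFILE -> one finding per line:
#   MISSING <ntgroup> -> <unixgroup>   unix group is not defined
#   GID0 <ntgroup> -> <unixgroup>      mapped to a gid 0 group, review membership
#   SHARED <unixgroup> <count>         several NT groups collapse into one unix group
audit_groupmap() {
  awk '
    NR == FNR { split($0, f, ":"); gid[f[1]] = f[3]; next }   # load group db
    / -> / {
      unix = $0; sub(/^.* -> /, "", unix)                  # text after the arrow
      nt = $0;   sub(/ \(S-[0-9-]+\) -> .*$/, "", nt)      # text before the SID
      if (!(unix in gid))        print "MISSING " nt " -> " unix
      else if (gid[unix] == "0") print "GID0 " nt " -> " unix
      count[unix]++
      if (count[unix] == 1) order[++n] = unix              # keep first-seen order
    }
    END {
      for (i = 1; i <= n; i++)
        if (count[order[i]] > 1) print "SHARED " order[i] " " count[order[i]]
    }
  ' "$2" "$1"
}

# Demo run on the constructed samples
map=$(mktemp); grp=$(mktemp)
sample_groupmap > "$map"; sample_groups > "$grp"
audit_groupmap "$map" "$grp"
rm -f "$map" "$grp"
```

On a live server the two input files would be the saved output of `net groupmap list` and `getent group`.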



