[Samba] Samba PDC+Domain Admin Group
rruegner
robowarp at gmx.de
Fri Oct 24 20:44:20 GMT 2003
hi
Enable group mapping from Unix groups to Samba 3 (NT) groups,
and add the users you want to the corresponding groups.
You can do that with usrmgr if you want to, or via net groupmap (study
the FAQs).
Below are an smb.conf for SuSE 8.2 and a group-mapping init script:
Samba as PDC, with German umlauts working
and the fprot daemon for on-demand antivirus scanning.
For the master admin you may use "adminusers = root" (which means the user
root, not the Unix group root).
#!/bin/bash
# Point each built-in NT group at an existing Unix group via `net groupmap`.
# One "NT group:Unix group" pair per entry; pairs are applied in listed order
# and a failing call does not stop the remaining ones.
#
# SECURITY: membership of the Unix group decides who holds the NT group.
# "Domain Admins" is tied to Unix group root here, so every member of that
# Unix group is a domain administrator; a dedicated group (as done with
# ntadmin for "Administrators") keeps that membership easier to audit.
group_pairs=(
    "Domain Admins:root"
    "Domain Users:users"
    "Domain Guests:nobody"
    "Administrators:ntadmin"
    "Users:users"
    "Guests:nobody"
    "System Operators:sys"
    "Account Operators:ntadmin"
    "Backup Operators:bin"
    "Print Operators:lp"
    "Replicators:daemon"
    "Power Users:sys"
)

for pair in "${group_pairs[@]}"; do
    nt_name=${pair%%:*}    # text before the first colon
    unix_name=${pair#*:}   # text after the first colon
    net groupmap modify ntgroup="$nt_name" unixgroup="$unix_name"
done
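#
# Generated by /usr/share/doc/packages/samba3/examples/misc/modify_samba_config.pl
#
# Samba 3 PDC settings (domain logons, domain master, WINS server).
# Values that the mail client had wrapped onto a second line are re-joined
# here: smb.conf continues a value only when the line ends in a backslash.
# Run testparm on the file before using it.
[global]
browseable = no
largereadwrite = yes
# Used together with unixpasswordsync / passwdchat further down.
passwdprogram = /usr/bin/passwd %u
logonscript = login.bat
logonhome = \\%L\%u
# Listen only on the interfaces named in "interfaces" below.
bindinterfacesonly = Yes
netbiosname = musi
nameresolveorder = wins bcast hosts
# Remote share management hooks (add/change/delete share). All three point at
# a script in the package's examples directory; review that script before
# letting smbd run it.
addsharecommand = /usr/share/doc/packages/samba3/examples/misc/modify_samba_config.pl
ntaclsupport = yes
deletesharecommand = /usr/share/doc/packages/samba3/examples/misc/modify_samba_config.pl
usernamemap = /etc/samba/smbusers
idmapuid = 15000-20000
winshook = /usr/share/doc/packages/samba3/examples/wins_hook/dns_update
# Account-management hooks: smbd runs the add/delete user, group and machine
# scripts as root, substituting %u / %g from the request.
# Machine accounts get no home directory and /bin/false as shell.
addmachinescript = /usr/sbin/useradd -g Machines -c Machine -d /dev/null -s /bin/false %u
hostmsdfs = Yes
printcapname = cups
# userdel -r also removes the account's home directory.
deleteuserscript = /usr/sbin/userdel -r %u
domainlogons = yes
# Hook for shutdown requests arriving over the network.
shutdownscript = /sbin/shutdown
logfile = /var/log/samba/%m
socketoptions = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF
winsproxy = Yes
logondrive = Z:
addusertogroupscript = /usr/bin/gpasswd -a %u %g
workgroup = MUSI
pampasswordchange = Yes
idmapgid = 15000-20000
domainmaster = yes
# SECURITY: users listed in "admin users" perform all file operations as
# root. Set in [global], this is the default for every share in the file,
# guest-accessible ones included. Keep the list minimal, or move it into
# the individual shares that need it.
adminusers = root, Administrator
timeserver = yes
# Only matters for an LDAP passdb backend; this file uses smbpasswd.
ldapssl = no
displaycharset = ISO8859-1
addgroupscript = /usr/sbin/groupadd -r %g
abortshutdownscript = /sbin/shutdown -c
deleteuserfromgroupscript = /usr/bin/gpasswd -d %u %g
# Names matching these patterns are neither visible nor accessible to
# clients. The final /.*/ entry vetoes every dotfile.
vetofiles = /*.eml/*.nws/riched20.dll/*.{*}/.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/.*/
# Lets a directory be removed even though it still contains vetoed files.
delete veto files = yes
loglevel = 2
adduserscript = /usr/sbin/useradd -m %u
hidedotfiles = yes
setprimarygroupscript = /usr/sbin/usermod -g '%g' '%u'
usesendfile = Yes
unixcharset = ISO8859-1
interfaces = lo, eth1, eth2
hidefiles = /.*/DesktopFolderDB/TrashFor%m/resource.frk/
# Only loopback and 10.10.10.x clients may connect. The guest-accessible
# shares in this file have no other network restriction.
hostsallow = 127., 10.10.10.
keepalive = 255
# Password hashes are kept in this file; it should be readable by root only.
passdbbackend = smbpasswd:/etc/samba/smbpasswd, guest
deletegroupscript = /usr/sbin/groupdel %g
loadprinters = No
serverschannel = Yes
localmaster = yes
# With unix password sync enabled, passwdprogram is run as root when an
# SMB password is changed, driven by the passwdchat dialogue below.
unixpasswordsync = Yes
winssupport = Yes
logonpath = \\%L\%U\profile
passwdchat = *password* %n\n *password* %n\n *changed*
changesharecommand = /usr/share/doc/packages/samba3/examples/misc/modify_samba_config.pl
doscharset = CP850
syslog = 0
utmp = Yes
oslevel = 255
# NOTE(review): recycle:repository, recycle:keeptree and recycle:versions look
# like options of the recycle module rather than module names - confirm
# against the Samba VFS documentation.
vfs object = vscan-fprotd netatalk audit recycle:repository recycle:keeptree recycle:versions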
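## Section - [files]
# Public drop share under /files/pub.
# SECURITY: guest ok plus writeable means any client allowed by hostsallow in
# [global] can store and change files here without a password, limited only
# by the Unix permissions of the guest account.
[files]
# readonly = No and writeable = yes say the same thing twice.
readonly = No
cscpolicy = disable
comment = public files
browseable = yes
writeable = yes
path = /files/pub
guestok = yes
# Wrapped value re-joined onto one line (no trailing backslash in the paste).
# NOTE(review): the recycle:* words look like recycle-module options, not
# module names - confirm against the Samba VFS documentation.
vfs object = vscan-fprotd netatalk audit recycle:repository recycle:keeptree recycle:versions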
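## Section - [homes]
# Per-user home directories: writable, hidden from browse lists, no guests.
[homes]
readonly = No
comment = Home Directories
browseable = No
cscpolicy = disable
guest ok = No
# Wrapped value re-joined onto one line (no trailing backslash in the paste).
# NOTE(review): the recycle:* words look like recycle-module options, not
# module names - confirm against the Samba VFS documentation.
vfs object = vscan-fprotd netatalk audit recycle:repository recycle:keeptree recycle:versions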
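## Section - [netlogon]
# Logon-script share for domain logons.
[netlogon]
sharemodes = No
# SECURITY: root preexec runs this command as root each time a client
# connects to the share. %U (requested user name) and %m (client NetBIOS
# name) are supplied by the client, so login.pl has to treat its arguments
# as untrusted input.
# login.pl is stored inside the share itself, where members of @ntadmin have
# write access (writelist below): whoever can write there can change what
# runs as root. Keeping the script outside the share, owned by root and not
# group-writable, removes that path.
rootpreexec = /var/lib/samba/netlogon/login.pl %U %G %m %L
comment = Netlogon Share
browseable = No
path = /var/lib/samba/netlogon
# NOTE(review): "guest ok" and "public" are synonyms and are given opposite
# values in this section (Yes here, no further down). Keep only the intended
# one and check the effective value with testparm.
guestok = Yes
# No "read only = No" here, so only @ntadmin gets write access.
writelist = @ntadmin
locking = no
public = no
cscpolicy = disable
# Wrapped value re-joined onto one line (no trailing backslash in the paste).
# NOTE(review): the recycle:* words look like recycle-module options, not
# module names - confirm against the Samba VFS documentation.
vfs object = vscan-fprotd netatalk audit recycle:repository recycle:keeptree recycle:versions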
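## Section - [smbmonitor]
# Share described by its own comment as holding security/SMB logs.
# SECURITY: the share is writable and open to guests, so any client allowed
# by hostsallow in [global] can connect without a password and, as far as
# the Unix permissions of the guest account allow, alter or remove what is
# stored here. Logs kept for security purposes are normally exposed
# read-only and to named users only (guest ok = no, read only = yes,
# valid users = ...).
[smbmonitor]
readonly = No
cscpolicy = disable
comment = security smb logs
browseable = no
writeable = yes
path = /smbmonitor
guestok = yes
# Wrapped value re-joined onto one line (no trailing backslash in the paste).
# NOTE(review): the recycle:* words look like recycle-module options, not
# module names - confirm against the Samba VFS documentation.
vfs object = vscan-fprotd netatalk audit recycle:repository recycle:keeptree recycle:versions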
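## Section - [wincd]
# Share exporting /wincd/win2k/mnt.
# NOTE(review): the comment text below is the same as in [smbmonitor] and
# does not match this path - presumably a copy/paste leftover.
[wincd]
# SECURITY: with readonly = No the share is writable for every user who can
# connect, guests included, so the writelist entry further down restricts
# nothing. If only @ntadmin should write, drop this line (the default is
# read only) and keep the writelist.
readonly = No
cscpolicy = disable
comment = security smb logs
browseable = no
path = /wincd/win2k/mnt
writelist = @ntadmin
guestok = yes
# Wrapped value re-joined onto one line (no trailing backslash in the paste).
# NOTE(review): the recycle:* words look like recycle-module options, not
# module names - confirm against the Samba VFS documentation.
vfs object = vscan-fprotd netatalk audit recycle:repository recycle:keeptree recycle:versions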
##########################################################
# use this if you want profiles in a separate share
#[profiles]
# comment = Roaming Profile Share
# path = /files/profiles
# read only = No
# browseable = No
#
# end of generated smb.conf
#
Hope this helps; check man smb.conf too.
Best Regards
----- Original Message -----
From: "Sebastian Davancens" <s_davancens at yahoo.com.ar>
To: <samba at lists.samba.org>
Sent: Friday, October 24, 2003 9:38 PM
Subject: **SPAM** [Samba] Samba PDC+Domain Admin Group
> hi all. recectly i made the migration from samba 2.2.8
> to 3.0. everything is working fine, except that i
> dont know how to grant administrator privileges in win
> 2000 clients. with 2.2.8, i used DOMAIN ADMIN GROUP
> parameter ( domain admin group = @adm) but its been
> removed in samba 3.0, and i dont know what to do. any
> help will be apreciated
> thanks in advance
> sebastian
>