[Samba] samba3 - On-the-Fly Machine Accounts - domain admin group?

Rauno Tuul rauno.tuul at haigekassa.ee
Sat Sep 6 19:06:02 GMT 2003


Hi,

-----Original Message-----
From: John H Terpstra [mailto:jht at samba.org]

> "domain admin group" removed
>
> Because you now have something much more powerful that provides real NT
> Groups to your NT/200x/XP clients.

But if I use LDAP for both Samba and system auth.
The groups that I added with base.ldif (idealx) exist in Samba and the system.
For example, "getent group" shows me all groups in the system (/etc/group + LDAP
entries).

> Here are the basic steps:
>
> 1. Add a UNIX group account that will be mapped to the NT Domain Admins
> global group:
>      groupadd ntadmins

How does Samba know that users in that group may update the LDAP base? Based on
the groupmap entry? If no group mapping is done, then no one except "admin user"?

> 2. Now add the UNIX users who should be a member of the NT Domain Admins
> group to the UNIX ntadmins account:
>
> a) You can edit /etc/group so that the ntadmins entry looks like:
>       ntadmins:x:543:maryo,willy,billg
>
> Now map the UNIX group to the NT Domain Admins group:
>        net groupmap add ntgroup="Domain Admins" unixgroup=ntadmins

If I'm correct:
net groupmap add ntgroup="Domain Admins" unixgroup=whatevergroup
is a must for adding On-the-Fly Machine Accounts?

But what if I already did it in LDAP?
I added a group named "Domain Admins" to my base and added users to the group.
Is it useless?

As I followed your instructions, I made a random group.
But the problem is... I can't get the "net groupmap list" and "net groupmap
add" commands working.

Something is wrong, but I can't figure out what it is...
Here are the files and data of my current state and problem:

http://raunz.pri.ee/linux/samba/samba3/
smb.conf
getent group & getent passwd
ldap data
debug output of "net groupmap..." commands

> Hope this helps! It is covered in the Samba-HOWTO-Collection.pdf file that
> is included with Samba-3 in the docs directory.

I read it... even tried to use that script for adding groups... nothing.
Honestly, I'm pretty lost here...

Regards,

Rauno
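
An added example, not part of the original message or of Samba: because "getent group" merges /etc/group and LDAP, the UNIX group mapped to "Domain Admins" can appear in both sources under one name, which makes it unclear who actually holds that privilege. The script lists the GIDs and the combined members for such a group; the second ntadmins line (GID 1001, member "tempuser") is a constructed stand-in for an LDAP entry.

```shell
#!/bin/sh
# Added example: audit the UNIX group that gets mapped to "Domain Admins".
# Input format is `getent group` output: name:passwd:gid:member,member,...

# Constructed sample. The first ntadmins line is the /etc/group entry from the
# quoted steps; the second (hypothetical GID 1001, member "tempuser") stands
# for an LDAP entry that reuses the same group name.
sample_groups() {
cat <<'EOF'
root:x:0:
ntadmins:x:543:maryo,willy,billg
users:x:100:
ntadmins:x:1001:maryo,tempuser
EOF
}

# Members of group $1 across all sources, one per line, duplicates removed.
group_members() {
    awk -F: -v g="$1" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "" && !seen[m[i]]++) print m[i]
    }'
}

# Distinct GIDs under which group $1 appears; more than one is a name collision.
group_gids() {
    awk -F: -v g="$1" '$1 == g && !seen[$3]++ { print $3 }'
}

# Members of group $1 that are not in the approved list $2 (space separated).
unexpected_members() {
    group_members "$1" | while read -r u; do
        case " $2 " in *" $u "*) ;; *) echo "$u" ;; esac
    done
}

# Demo on the constructed sample; on a live host pipe `getent group` instead.
echo "GIDs for ntadmins:    $(sample_groups | group_gids ntadmins | tr '\n' ' ')"
echo "members of ntadmins:  $(sample_groups | group_members ntadmins | tr '\n' ' ')"
echo "not on approved list: $(sample_groups | unexpected_members ntadmins 'maryo willy billg')"
```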


