Asunto: Re: [Samba] Question about Authentication

Gustavo Cremella Donedoni cremella at adinet.com.uy
Tue Sep 9 18:04:00 GMT 2003


I think that user groups defined on the PDC are Domain "wide" Groups, while
groups defined on others Sambas acting as server are local. This include
local group of Windows machines.

I know how to manages Permisions on win NT/2k shares to setup permisions
based on Domain Users and Groups, but no on how to manage ACLs on Sambas
servers. May be you need win_bind to make the server see the PDC's users
and groups as their own.

It also helps a lot running a new kernel with ACLs and Extended Attributes
enabled over a filesystem capable of that.

Good luck, Gus


>-- Mensaje original --
>Date: Tue, 09 Sep 2003 16:50:34 +0200
>From: "SerpentMage (Christian Gross)" <mailing at devspace.com>
>To: Tom Dickson <bombcar at bombcar.com>, samba at lists.samba.org
>Subject: Re: [Samba] Question about Authentication
>Cc: 
>
>
>Tom Dickson wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> I think thank the Power Users group is a LOCAL group, i.e., it only
>> exists on the machine that it is created on.
>>
>> You probably want another group.
>
>Ok, lets call this group "Super Duper Users", and I apologize the name

>mix up...
>
>So how would one do that?  Using the outline described below.
>
>Thanks
>
>>
>> SerpentMage (Christian Gross) wrote:
>> | Ok, I apologize if this question has come up.  I searched the mailing
>> | lists and did not find a conclusive answer.  Unless of course I am
>> | missing some point.
>> |
>> | Here is what I am trying to do...
>> |
>> | I have a domain DEV-DOMAIN.  In this domain there is the PDC X (Samba)
>> | and Server Y (Windows or Samba).  A client that accesses the network
>> | uses client machine A (Windows), which is also part of the domain.
 
>> User
>> | Me logs onto the domain from client machine A and is recognized by
the
>> | PDC as User Me with Power User rights.  On Server Y a share has been
>> | made free with Power User rights, but not explicitly defined the user.
>> | When User Me logs on they want to be able to get access to the 
>> Server Y.
>> |
>> | Exactly how would that be set up?  I understand how to setup individual
>> | users, create a domain and give user permissions on shares.  My 
>> question
>> | relates to how groups are handled across the domain.  I do not seem
to
>> | see much documentation on this aspect (maybe I am missing something).
>> |
>> | Could somebody enlighten me on how groups are handled?  Thanks
>> |
>> | Christian Gross
>> |
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.2.1 (GNU/Linux)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>
>> iD8DBQE/Xb3BRliD/69byygRAgtyAJ98E8/cIoNG9UDugENf7Ked8qp+NwCeKlmD
>> 3kAUROfrpfm9llfmZEFo0WA=
>> =2QeD
>> -----END PGP SIGNATURE-----
>>
>>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba





More information about the samba mailing list