rauno.tuul at haigekassa.ee
Wed Sep 17 05:18:15 GMT 2003
> -----Original Message-----
> From: Gerald (Jerry) Carter [mailto:jerry at samba.org]
> |>IMHO groupmapping doesnt fill that hole, because whatever
> groupmap entry
> |>doesn't give admin rights on LDAP.
> You're thinking about this from the wrong perspective.
> The 'domain admin group' from 3.0 was a limited way to
> handle group mapping. Instead of being a smb.conf parameter,
> the domain admin group is now a mapping between the domain
> admins SID and a unix gid. The check will be pretty much
> the same. We'll just make the domain admin sid against
> the current user's NT_TOKEN.
> | Honestly said, the parameter "domain admin group" should come back.
> | Some say it isn't necessary.
> No. I can fix this just using the group mapping
> entry for "Domain Admins". We'll fix it post 3.0.0.
This LDAP access check for group mapping entry for "Domain Admins" is a good
idea and I'm glad to hear, that solution is coming. After some time, but
hopefully it comes...
- Rauno Tuul -
More information about the samba