[Samba] policy files

Adam Tauno Williams adamtaunowilliams at gmail.com
Fri Jun 1 12:45:19 GMT 2007 

> All the information I've been able to find references windows tools 

Of course.

> - the
> part I'm missing is where the windows tools stop and Samba takes over


It doesn't, at all.  NT4 domain policies require no action from the PDC
at all.  It is just a file loaded by the client from a specific place
and applied as a mask to the registry.  Samba does nothing and knows
nothing.

> Thanks for the tip - I think half my problem is I'm not exactly sure what
> I'm looking for.  

ADM files and POLEDIT.EXE

> I have Samba happily running as a Domain Controller and
> have the computers on the network in the domain.  However, I don't have any
> windows servers, and hence don't have a Windows Active Directory on my
> network. 

It has nothing to do with AD.

>  All my searching for information regarding policies and so on
> aren't turning up much because they all seem to refer to AD. 

You are seeing documentation on GPOs / Group Policies.  You want NT4
Domain Policies.  You need to look at *OLD* Windows documentation.  If
it doesn't mention NT4, or it mentions AD, ignore it.

> you (or anyone else) know if what I'm trying to do is possible using Samba
> on its own (and the GPO approach)? 

No, Samba 3.x cannot use GPOs.

>  I'm assuming that I need to learn and
> understand firstly how to create my policy (thanks for the help on this) and
> how to distribute it.

Putting in \\{server}\netlogon distributes is.

>   I'm hoping that the distribution is simply a matter
> of putting the appropriate file on a Samba share (once I know which share it
> is).

Yep.

> Re the book, thanks - I've ordred a copy on amazon, unfortunately its not
> available on Safari.
> > The *OFFICIAL* Samba documentation does cover this to some extend,
> > beyond that get a book.
> > http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/PolicyMgmt.html
> I had read that, and thought I was doing the right thing (although missing
> the link between POL and ADM files).  Not sure how I'm going to get my hands
> on poledit.exe which I figure is my next step.

You have to find a copy of POLEDIT.EXE, or dig a copy of an older
Windows CD.

-- 
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org

More information about the samba mailing list