[Samba] Enforcing local profile doesn't let Home Directory mapping
Avinash Rao
avinash.aol at gmail.com
Wed Aug 19 01:05:28 MDT 2009
Am sorry i forgot to mention that i am not able to list
#net rpc group list -Uroot%not24get
Could not connect to server 127.0.0.1
Connection failed: NT_STATUS_CONNECTION_REFUSED
On Wed, Aug 19, 2009 at 12:34 PM, Avinash Rao<avinash.aol at gmail.com> wrote:
> Thanks for the reply..
> I am reading http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html
> to know the advantages of mapping user groups and if it is of any use
> to us.
>
> I also tried executing the root preexec =
> /etc/samba/scripts/autopoweruser.sh %U %m to add the user logging to
> the Power Users group on the local workstation, but it didn't work, i
> dont see it executing only.
>
>
>
> On Wed, Aug 19, 2009 at 12:20 PM, Michael Heydon<michaelh at jaswin.com.au> wrote:
>> Avinash Rao wrote:
>>>
>>> Also, is there a way i can control the file permission on the clients
>>> local harddrive from samba. For example, If a user A logs in to the
>>> samba domain, he will not have any access to the local hard drive, can
>>> we give permission from the samba, probably make that domain user a
>>> part of power users on the client machine.
>>>
>>
>> Not directly, I use cpau in the login scripts to escalate to a domain admin
>> and as that user run a script which does things like add certain domain
>> groups to the local admins group. Just remember group membership is worked
>> out before the login scripts are run, so the user will have to log out and
>> back in for any changes to take affect.
>>
>> It is a security risk (cpau doesn't encrypt the credentials, it uses some
>> secret encoding) so it isn't suitable for everyone, but it works well for
>> us.
>>
>> *Michael Heydon - IT Administrator *
>> michaelh at jaswin.com.au <mailto:michaelh at jaswin.com.au>
>>
>>
>
More information about the samba
mailing list