coding binge coming on.

Jamie ffolliott jmeff at engsoc.queensu.ca
Sat Mar 6 00:26:24 GMT 1999


Hi luke,

Yup, here's some ideas for your coding spree that I've been waiting for ;)

- Account Expiry
  This alone would be a great new feature... to set a policy to have users
change their password every X days (eg. 90 days), now that ctrl-alt-del
password changing works great. NT handled that nicely through the User
Manager, as a password expiry policy, and with the per-user option to
disable this ie. "password never expires", so on first logon after expiry,
they'd be prompted to change password before logging on.  I heard something
about a "password last changed" field in the smbpasswd file, but haven't seen
this yet in my passwd file.  Can there be a similar domain-wide option in
smb.conf to initiate password expiry every X days, with an extra field in
the smbpasswd file to disable it on a per-user basis?

- More NT Domain Group support
  This still seems very new..  It would be nice to be able to apply
permissions on the local fs (even the registry) of an NT workstation against
samba domain groups.  So support for the main tools such as setting ACL's in
explorer, regedt32, and NT policies in User Manager (all on the local
machine) could be polished up ;)

- ACL's on Samba shares
  Use Explorer to set permissions on samba shares in a limited fashion.  So
our windows users can secure their files a bit better, share files between
different accounts using group permissions, and have the option not to have
to leave files world-readable (the default in linux).
  A rough idea..
  - only one user, one group (effectively the owners) and "everyone" would
be possible, and a request containing multiple groups be ignored.
domain-mapped groups also here.
  - only the RWX bits would be supported, others ignored.  So NT's Read
would be "rx_" on a file/dir, List = "rx_" on a directory and "r__" on a
file, No Access="___", Change="rwx", Full Control="rwx", and the individual
bits R,W,X  changed via the "special permissions" option.  Could the other
bits NT has for delete/ownership/etc. be grayed out? (that would be style!)

Jamie ffolliott
Queen's Engineering Society


> -----Original Message-----
> From: samba-ntdom at samba.org [mailto:samba-ntdom at samba.org]On Behalf Of
> Luke Kenneth Casson Leighton
> Sent: Friday, March 05, 1999 5:42 PM
> To: Multiple recipients of list
> Subject: coding binge coming on.
>
>
> hm.  i feel the urge to do a coding-spree again.  spread wings again in
> uncharted territories.  before i do so, does anyone have any suggestions
> for major areas of missing functionality that are really getting on
> people's wick (e.g inter-domain trust relationships?)
>
> luke
>
> rsvp. to samba-technical, thx.
>
>
> <a href="mailto:lkcl at samba.org"   > Luke Kenneth Casson Leighton  </a>
> <a href="http://www.cb1.com/~lkcl"> Samba and Network Development </a>
> <a href="http://samba.org"        > Samba Web site                </a>
>
> =====================================================================
> Luke Kenneth Casson Leighton        |  Direct Dial   : (678) 443-6183
> Systems Engineer / ISS XForce Team  |  ISS Front Desk: (678) 443-6000
> Internet Security Systems, Inc.     |  ISS Fax       : (678) 443-6477
>
> http://www.iss.net/    *Adaptive Network Security for the Enterprise*
>      ISS Connect   -   International User Conference   -  May '99
> =====================================================================
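
The permission mapping proposed under "ACL's on Samba shares" above, sketched as an added example (not part of the original message and not Samba code). All type and function names are hypothetical; rejecting a request that names the same kind of trustee twice, and giving no bits to unrecognised permission names or missing trustees, are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical types and names; this is not Samba code. */
enum trustee { T_USER = 0, T_GROUP = 1, T_EVERYONE = 2 };
struct ace {
    enum trustee who;   /* owner user, owner group, or "everyone" */
    const char *perm;   /* NT standard permission name */
};

/* One NT permission -> rwx bits (r=4, w=2, x=1), per the message's table. */
static int nt_to_rwx(const char *perm, int is_dir)
{
    if (strcmp(perm, "Read") == 0)         return 5;              /* r-x */
    if (strcmp(perm, "List") == 0)         return is_dir ? 5 : 4; /* r-x dir, r-- file */
    if (strcmp(perm, "Change") == 0)       return 7;              /* rwx */
    if (strcmp(perm, "Full Control") == 0) return 7;              /* rwx */
    return 0; /* "No Access"; unknown names also get no bits (assumption) */
}

/* Collapse a request into a Unix mode: user -> owner bits, group -> group
 * bits, everyone -> other bits. Returns -1 when a trustee kind appears twice
 * (e.g. two groups), reading "be ignored" as "reject the whole request". */
int acl_to_mode(const struct ace *aces, size_t n, int is_dir)
{
    int seen[3] = {0, 0, 0};
    int mode = 0;
    for (size_t i = 0; i < n; i++) {
        int slot = (int)aces[i].who;
        if (slot < 0 || slot > 2 || seen[slot])
            return -1;
        seen[slot] = 1;
        mode |= nt_to_rwx(aces[i].perm, is_dir) << (3 * (2 - slot));
    }
    return mode;
}

int main(void)
{
    /* Constructed sample request. */
    struct ace req[] = { {T_USER, "Full Control"}, {T_GROUP, "List"},
                         {T_EVERYONE, "No Access"} };
    printf("file %04o, dir %04o\n", (unsigned)acl_to_mode(req, 3, 0),
           (unsigned)acl_to_mode(req, 3, 1));
    return 0;
}
```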


