[ale] NT workstation permissions w/samba server
Jonathan Rickman
infosec at alltel.net
Fri Mar 23 14:09:01 EST 2001
On Fri, 23 Mar 2001, Gary S MacKay wrote:
> How do I set a user's permissions when attached to a samba server? I
> have a samba box doing it's best to be a PDC. There is no NT server box.
> Samba is doing it all. Win9x workstations authenticate, run the login
> script, etc. all is well. The NT workstations are also working as far as
> logging in, running the script,etc. The problem is when I want a user to
> have admin privilages. When a user trys to install something or make
> changes to the workstation, NT complains that it does not have the
> rights. How do I tell linux/samba that this particular user is OK?
I don't really have enough info about your particular setup but I'll take
a shot in the dark...
I'm assuming you have created machine accounts for the NT workstations on
the Samba server. If not, you've got bigger problems to worry about.
The domain group map parameter should handle this for you...
domain group map = /usr/local/samba/lib/domain_group.map
Entries look like this...
<UNIX Group> = <NT Group>
I.E.
power = Power Users
Add the appropriate users to the Unix group.
Now add that group to the local administrators group on one NT
workstation, find the registry entry you just made by doing so, export it
and run it in the login script to get the rest of the workstations.
Not sure if this is the fix you're looking for but I hope it helps.
Keep in mind, Domain Control for NT workstations is still experimental. At
least, last time I checked.
--
Jonathan Rickman
X Corps Security
http://www.xcorps.net
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list