[ale] NT workstation permissions w/samba server

Gary S MacKay gary at edisoninfo.com
Fri Mar 23 14:42:15 EST 2001 

This is exactly what the huge Samba Unleashed book said to do. But,
whenever I add those options to the smb.conf file, samba will load fine,
but tosses a bunch of errors in the log file that it does not know what
to do with those statements. I put them in the [global] section of the
smb.conf file. Did I mess that up somehow?

- Gary

Jonathan Rickman wrote:
> 
> On Fri, 23 Mar 2001, Gary S MacKay wrote:
> 
> > How do I set a user's permissions when attached to a samba server? I
> > have a samba box doing it's best to be a PDC. There is no NT server box.
> > Samba is doing it all. Win9x workstations authenticate, run the login
> > script, etc. all is well. The NT workstations are also working as far as
> > logging in, running the script,etc. The problem is when I want a user to
> > have admin privilages. When a user trys to install something or make
> > changes to the workstation, NT complains that it does not have the
> > rights. How do I tell linux/samba that this particular user is OK?
> 
> I don't really have enough info about your particular setup but I'll take
> a shot in the dark...
> 
> I'm assuming you have created machine accounts for the NT workstations on
> the Samba server. If not, you've got bigger problems to worry about.
> 
> The domain group map parameter should handle this for you...
> 
> domain group map = /usr/local/samba/lib/domain_group.map
> 
> Entries look like this...
> 
> <UNIX Group> = <NT Group>
> 
> I.E.
> 
> power = Power Users
> 
> Add the appropriate users to the Unix group.
> 
> Now add that group to the local administrators group on one NT
> workstation, find the registry entry you just made by doing so, export it
> and run it in the login script to get the rest of the workstations.
> 
> Not sure if this is the fix you're looking for but I hope it helps.
> 
> Keep in mind, Domain Control for NT workstations is still experimental. At
> least, last time I checked.
> 
> --
> Jonathan Rickman
> X Corps Security
> http://www.xcorps.net
> 
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

-- 
----------------------------------------------------------------------
Edison Information Technologies            www.EdisonInfo.com
P.O. Box 554                               Gary at EdisonInfo.com
Milan, OH  44846-0554                      419.499.7040
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

More information about the Ale mailing list