Matt Lung
2002-May-23 08:40 UTC
[Samba] - Win2k local groups and domain groups on linux PDC
I am currently running Samba 2.2.4 on a RH 7.1 box acting as a PDC with two Win2k test clients attaching to it. Users authenticate to the PDC via an LDAP server running on the PDC and that works ok. I can also join the domain with no problems. What I am trying to accomplish is to have a domain user or better yet a group of domain users, be able to log into the win2k box and have the linux domain group they belong to be able to be part of one of the Win2k local groups so they can have administrative privileges right off the bat without having to add several domain users to a win2k local group. What I've encountered is that when I edit the Administrators local group or any other group on the win2k box and want to add a domain group such as @admin, none of the domain groups even show up in the list. It only lists domain users. So my question is.... is there anyway to get the groups to populate in this list also???? Sure would be nice. If anyone can help me out with fixing this or somewhat pointing me in the right direction I would really appreciate it. thanks. Matt Lung -------------- next part -------------- HTML attachment scrubbed and removed
Yannick Tousignant
2002-May-23 10:57 UTC
[Samba] - Win2k local groups and domain groups on linux PDC
In Samba release 2.2.2, only 2 groups are dealed for Microsoft Windows workstations: Domain Admins and Domain Users. All other groups are considered Local Unix Group. That's mean that a Samba user will only be Domain user or Domain Admin. If you only use Samba servers, there will be no problem, but if you plan to use Microsoft Windows NT member server using groups, just forget about it... Cut/Paste of --> The SAMBA-LDAP-PDC Howto Revision : 1:14 Hope this help... Yannick -----Original Message----- From: samba-admin@lists.samba.org [mailto:samba-admin@lists.samba.org]On Behalf Of Matt Lung Sent: Thursday, May 23, 2002 11:53 AM To: samba@lists.samba.org Subject: [Samba] - Win2k local groups and domain groups on linux PDC I am currently running Samba 2.2.4 on a RH 7.1 box acting as a PDC with two Win2k test clients attaching to it. Users authenticate to the PDC via an LDAP server running on the PDC and that works ok. I can also join the domain with no problems. What I am trying to accomplish is to have a domain user or better yet a group of domain users, be able to log into the win2k box and have the linux domain group they belong to be able to be part of one of the Win2k local groups so they can have administrative privileges right off the bat without having to add several domain users to a win2k local group. What I've encountered is that when I edit the Administrators local group or any other group on the win2k box and want to add a domain group such as @admin, none of the domain groups even show up in the list. It only lists domain users. So my question is.... is there anyway to get the groups to populate in this list also???? Sure would be nice. If anyone can help me out with fixing this or somewhat pointing me in the right direction I would really appreciate it. thanks. Matt Lung -------------- next part -------------- HTML attachment scrubbed and removed
Yannick Tousignant
2002-May-23 11:34 UTC
[Samba] - Win2k local groups and domain groups on linux PDC
It appear to me that LDAP groups are not considerate like
valid domain group for Windows NT/2000. This is why,
and please correct me if i'm wrong, it is not possible
to do such thing.
Yannick
-----Original Message-----
From: Matt Lung [mailto:mattl@midwest-tool.com]
Sent: Thursday, May 23, 2002 2:39 PM
To: Yannick Tousignant
Subject: Re: [Samba] - Win2k local groups and domain groups on linux PDC
I am using only linux servers. How can I make the groups on the linux
server appear in windows so i can add them to like Power Users group or a
group on windows?
matt
----- Original Message -----
From: Yannick Tousignant
To: Matt Lung
Cc: samba@lists.samba.org
Sent: Thursday, May 23, 2002 12:54 PM
Subject: RE: [Samba] - Win2k local groups and domain groups on linux PDC
In Samba release 2.2.2, only 2 groups are dealed for Microsoft Windows
workstations: Domain
Admins and Domain Users. All other groups are considered Local Unix
Group. That's
mean that a Samba user will only be Domain user or Domain Admin. If you
only use Samba
servers, there will be no problem, but if you plan to use Microsoft
Windows NT member server
using groups, just forget about it...
Cut/Paste of --> The SAMBA-LDAP-PDC Howto Revision : 1:14
Hope this help...
Yannick
-----Original Message-----
From: samba-admin@lists.samba.org [mailto:samba-admin@lists.samba.org]On
Behalf Of Matt Lung
Sent: Thursday, May 23, 2002 11:53 AM
To: samba@lists.samba.org
Subject: [Samba] - Win2k local groups and domain groups on linux PDC
I am currently running Samba 2.2.4 on a RH 7.1 box acting as a PDC
with two Win2k test clients attaching to it. Users authenticate to the PDC
via an LDAP server running on the PDC and that works ok. I can also join
the domain with no problems. What I am trying to accomplish is to have a
domain user or better yet a group of domain users, be able to log into the
win2k box and have the linux domain group they belong to be able to be part
of one of the Win2k local groups so they can have administrative privileges
right off the bat without having to add several domain users to a win2k
local group.
What I've encountered is that when I edit the Administrators local
group or any other group on the win2k box and want to add a domain group
such as @admin, none of the domain groups even show up in the list. It only
lists domain users. So my question is.... is there anyway to get the groups
to populate in this list also???? Sure would be nice.
If anyone can help me out with fixing this or somewhat pointing me in
the right direction I would really appreciate it.
thanks.
Matt Lung
-------------- next part --------------
HTML attachment scrubbed and removed