Ivan Sergio Borgonovo
2002-Oct-15 13:01 UTC
[Samba] workaround assigning domain group permissions on PDC clients
This is far from being elegant but it works...
Target: assigning domain wide group permissions on members (client) of
a Samba PDC.
Steps:
1a edit the file pointed by
username map
add
existing_Unix_group1 = "Domain Users"
2a log on a client with administrative privileges
assign to a dir/disk permission to the "Domain Users" being
carefull to
select from the Domain list and not the local list
3a reset the client (logging of is not enough)
done...
if you'll check permissions on that dir/disk (after reset) they will be
listed as
DOMAIN\existing_Unix_group1
If you want further Domain wide groups:
1b edit the file pointed by
username map
change
existing_Unix_group1= "Domain Users"
to
existing_Unix_group1= "Domain Users"
2b follow 2a...
while this is an administrative hell... you can assign Domain wide
groups privileges on client filesystem.
Once you finished you can delete the line
any_existing_Unix_group = "Domain Users"
and the permissions on clients will still work
You can add several groups with the same mapping system using other
default groups like SYSTEM, Domain Admins, etc... anyway I would
suggest to use lower privilege groups even if they will just be
temporarely mapped.
Use this trick at your own risk... I haven't had time to check if there
are any drawbacks or security risk.
I'll try to publish a nicer, clearer, grammatically more correct
version of this femtoHOWTO here:
http://www.webthatworks.it/test/samba/
including a script to make things easier on the Linux side, if I'll
survive to the 3rd in a week HW failure of my workstation :(
--
Salve
Ivan Sergio Borgonovo
http://www.webthatworks.it/
uniq life || sleep 24h
Carlos Augusto Silva
2002-Oct-15 14:18 UTC
[Samba] workaround assigning domain group permissions on PDC clients
Hi All, I need configure samba + openldap...... whereis a howto ?!?! ;-) Tanks for all, Carlos Augusto Silva FreeBSD User BSD050846 Brazilian
dj@4ict.com
2002-Oct-15 14:21 UTC
[Samba] workaround assigning domain group permissions on PDC clients
On Tue, 15 Oct 2002, Carlos Augusto Silva wrote:> Hi All, > I need configure samba + openldap...... > whereis a howto ?!?! ;-)http://samba.idealx.org/ Kind regards, Tim -- ==========================================================================Tim Verhoeven Linux & Open Source Specialist GSM : 0496 / 693 453 + e-business solutions Email : dj@4ict.com + consulting URL : www.sin.khk.be/~dj/ + Server consolidation ===========================================================================