Hi, Recently, i worked in a pilot project to migrate a NT4 Domain to Samba3 + OpenLDAP. They have a quite large user base, approx. 2500 accounts, plus approx. 1800 groups, which 200 are local groups. Unfortunately, we faced some problems, and i'd like to know if anyone has faced them too, and how overcame them: - User Rights and Privileges: This is kinda new in latest Samba release, 3.0.11, but doesn't implement yet all NT4 funcionalities. Specifically here, they use the privileges called "Log on as a service" and "Logon as a batch job", and the others, too. I am not a NT4 master, but AFAIK, this can be changed to local policies (in windows machines, 2003 atm) insted of using the Domain ones. Am i right? - Local groups: AFAIK, NT4 Admins used them to ease the administration of permissions ACLs, but how implement it using Samba3+OpenLDAP? Or the only way is to change all the local groups to domain groups and redo the acl stuff? (the ntadmins will cry) Thanks,
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Carlos Eduardo Pedroza Santiviago wrote: | - User Rights and Privileges: This is kinda new in latest | Samba release, 3.0.11, but doesn't implement yet | all NT4 funcionalities. Specifically here, they use the privileges | called "Log on as a service" and "Logon as a batch | job", and the others, too. I am not a NT4 master, but AFAIK, | this can be changed to local policies (in windows machines, | 2003 atm) insted of using the Domain ones. Am i right? Windows privileges are local to the machine on which they are assigned. The privlieges assigned on the Samba host have no relation to privileged on the local clients. | - Local groups: AFAIK, NT4 Admins used them to ease the | administration of permissions ACLs, but how implement it | using Samba3+OpenLDAP? Or the only way is to change all | the local groups to domain groups and redo the acl stuff? | (the ntadmins will cry) Local groups on domain members ? or domain local groups on the DC's. I'm not sure exactly what you are asking for here. You can have domain local groups using the group mapping functionality, but IIRC domain local groups (in nt4) are only available between DC's. cheers, jerry ====================================================================Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCOtk+IR7qMdg1EfYRAkW3AKDFtWV3D5ZymeDV9eOL+0tEGHREagCdE0pe QERof+LtL/Na4W8fn5CXgA0=tIF3 -----END PGP SIGNATURE-----