LinuxSA Mailing list archives
Index:
[thread]
[date]
[subject]
[author]
[stats]
From: JBCurry <jbcurry@hline.localhealth.net>
To : Sam Silvester <sam@quadlink.com.au>
Richard Sharpe <sharpe@ns.aus.com>
Date: Wed, 27 Dec 2000 16:13:43 -0500
RE: user auth. with samba and nt
Sam -
You should only need the standard entries in /etc/group (i.e., your Unix
groups) to resolve group membership. (Somebody please correct me if I'm
wrong.)
There are some parameters for mapping group names between Unix and Windows
NT, if you decide to throw NT into the mix. These parameters are "domain
group map", "domain user map", and "local group map". Haven't used 'em
myself, so it'd be better if I didn't try to tell you how. Check out Samba
FAQ's/HOWTO's or pick up a copy of something like Richard's "Special
Edition: Using Samba" for more info on these parameters.
In your config.pol file, then, (on the server in the /netlogon directory),
you would also need to add the groups you wish to configure policies for.
Remember that policies can get tricky when a user is a member of several
groups, or if you have a combination of machine, user and group policies.
There's a great book on policies entitled "Windows System Policy Editor" put
out by O'Reilly.
You may still yet need to install the group policy handler on your Win9x
machines. This is required for Win9x to be able to pick up group policies.
On the Win98 CD, this would be in \tools\reskit\netadmin\poledit. Configure
a PC, then log off and on again a couple of times to see if Win98 picks up
group policies. Unfortunately, you will need to do this on every Win9x
machine that uses group policies.
One last item: If your group policies still don't work, get an updated
version of grouppol.dll for your Win9x clients. I understand that some
older version(s) don't work properly.
Hope this helps.
> -----Original Message-----
> From: Sam Silvester [mailto:sam@quadlink.com.au]
> Sent: Wednesday, December 27, 2000 12:59 AM
>
> On Wed, 27 Dec 2000, Richard Sharpe wrote:
>
> > At 12:15 AM 12/27/00 +1030, Sam Silvester wrote:
> > >Hi all.
> > >
> > >I've been working on a linux/samba system to do domain logons
> > >for a heap of windows 98 workstations (including system policies),
> > >and I've run into a problem as far as authenticating users goes:
> > >
> > >I need to use group policies on the windows machines, and I
> > >can't work out how to do arrange users into groups with samba.
> > >Ideally I'd like a group for 'domain admins', 'teachers' and
> > >'students', but seeing as I don't think samba can do this yet, I
> > >was thinking of using a windows NT machine to do user
> > >authentication, with samba using the NT machine for user
> > >authentication. Is this necessary? (or maybe I should be asking
> > >will this work?)
> >
> > Have you tried it under Samba? What actually goes wrong?
>
> I haven't tried it as I don't know how I can put users into groups.
> eg say I have 500 users - what I would like is to put them into a
> single group called students so I can then define a policy for the
> group students rather than making 500 copies of the one policy.
>
> But I don't know if samba can actually do this.
>
>
> > Secondly, how do you implement group policies under Win9X?
>
> When you install it, select the option "Group policies" and away you go.
>
> This used to be the setup under NT, but now the servers all run Linux.
> I'd really like to keep it that way as well! :-) Not that I am at all
> biased or anything...
>
>
> Cheers,
>
> Sam!
>
>
> > >Thanks,
> > >
> > >Sam.
> > >
> > >--
> > >Programming is an art form that fights back.
> > >
> > >Sam Silvester
> > ><sam@quadlink.com.au>
> > >
> > >Ph: 0408 492 205
> > >Fax: (08) 8849 2376
> > >
> > >http://www.quadlink.com.au
> > >
> > >--
> > >LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on
> irc.linux.org.au
> > >To unsubscribe from the LinuxSA list:
> > > mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
> > >
> > >
> >
> > Regards
> > -------
> > Richard Sharpe, sharpe@ns.aus.com
> > Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
> > Contributing author, SAMS Teach Yourself Samba in 24 Hours
> > Author, Special Edition, Using Samba
> >
> >
>
> --
> Programming is an art form that fights back.
>
> Sam Silvester
> <sam@quadlink.com.au>
>
> Ph: 0408 492 205
> Fax: (08) 8849 2376
>
> http://www.quadlink.com.au
>
> --
> LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.linux.org.au
> To unsubscribe from the LinuxSA list:
> mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
>
>
--
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
Index:
[thread]
[date]
[subject]
[author]
[stats]
Return to the LinuxSA Mailing List Information Page