We have Samba 2.2.7 (the RPM for Red Hat 6.2 built by the Samba Team)
running on Red Hat 7.0. It's set up as a PDC, with the config. file
as follows:
# Global parameters
[global]
workgroup = ESPL
server string = GenaWare Sydney main file server
interfaces = 192.168.20.2/24
encrypt passwords = Yes
smb passwd file = /etc/samba/smbpasswd
passwd program = /usr/bin/passwd %u
passwd chat = *password* %n\n *password* %n\n *successfull*
unix password sync = Yes
log file = /var/log/samba/log.%m
max log size = 50
name resolve order = host wins lmhosts bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain logons = Yes
logon script = espl.bat
os level = 60
preferred master = Yes
time server = Yes
domain master = Yes
dns proxy = No
wins proxy = Yes
wins support = Yes
add user script = /usr/sbin/useradd -c 'Machine trust account' -d /dev/null -s
/bin/false -M -g winboxes %u
On an NT Workstation 4 with Service Pack 5:
The system is a member of the domain, and I can log on to the
domain on this system.
When using the Windows Explorer Properties applet to try to add
permissions to a file on a local disk, I can only see domain users
in the list, plus default domain groups (e.g Domain Users) but I
can enter a known domain group, and this is added successfully to
the file's ACLs.
On Windows 2000 (Workstation + Service pack 2, or Server + Service Pack 3)
The system is a member of the domain, and I can log on to the
domain on this system.
When using the Windows Explorer Properties applet to try to add
permissions to a file on a local disk, I can only see domain users
in the list, plus default domain groups (e.g Domain Users). If I
enter a known domain group, I get the response Invalid Name.
If I select a domain user and add permissions for that user, It
appears to succeed, but when I come back to view the security
information for the file, all I see is a long user ID string, not
the user name.
Curiously, on all three client systems, I can see the domain groups when
trying to add permissions to file on a Samba share.
Is it possible to see list of domain groups when adding permissions to
a local file?
Is there something I need to change to achieve this?
More importantly, can Windows 2000 apply domain group permissions
to local files? If so, how can this be enabled?
--
Jonathan Gowland | GenaWare Pty Limited
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba