On Thu, Dec 13, 2001 at 06:32:32PM -0800, Greg Zartman <[EMAIL PROTECTED]> wrote: > [...]
Let me see if I can summarise the problem as I understand it: - e-smith-samba sets "domain admin group = admin" (smb.conf/11domainAdminGroup) - Some Windows software which requires "Power User" status fail to run - Greg and others provided a (probably incomplete) list of apps which fail - Typical apps (MSOffice, Browsers, etc.) run fine with the setting above - One option is to set "domain admin group = @shared" to include all users on the SME Server - Question: Wouldn't that mean that any valid user could log in and change any setting on the local workstation as an Administrator equivalent? - Another option is to add the users to the local "Power User" group on the relevant workstation. - Question: Can you do this without creating a local user as well? - There is disagreement about the correct setting :-) Proposal: - HOWTO which shows a templates-custom entry to let these apps run and lists apps which may be affected (as suggested by Darrell) - Modify the relevant template to read this parameter from the configuration database in a future update, defaulting to the most secure option - Watch as Samba grows to have more complete emulation of Windows groups Gordon -- Gordon Rowell [EMAIL PROTECTED] VP Engineering Network Server Solutions Group http://www.e-smith.com Mitel Networks Corporation http://www.mitel.com -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
