To continue reading for free, register below or login
To read more you must become a member of SearchEnterpriseLinux.com
As you correctly point out, Samba-3 behaves a little differently than does
Samba-2.2.x. That is why it is important to read the Samba-HOWTO-Collection.pdf that ships with Samba-3. You can buy this in hard copy from your local bookstore (or Amazon.Com) as "The Official Samba-3 HOWTO and Reference Guide."
The chapters that are of primary interest in respect of the question you raise are the one covering User Account Databases, and Group Mapping.
By default, if you use your unchanged smb.conf from Samba-2.2.x it should work, but with the change you have noted. The default "passdb backend" is the smbpasswd file that your old installation used.
The one thing you must accomodate is the new group mapping system. You need to map the Domain Users, Domain Admins and Domain Guests groups to valid UNIX groups. Such mapping is essential to proper domain permissions handling.
For example, to map the UNIX group "wheel" to the Windows Domain Admins group you must execute:
net groupmap modify ntgroup="Domain Admins" unixgroup=wheel
There are two ways you can give particular users Domain Administrator privileges:
a) By adding your users to the UNIX group that maps to the Windows Domain
Admins group. For example, to grant the user "georgewb" Domain Admin
control:
net groupmap modify ntgroup="Domain Admins" unixgroup=wheel
Now add "georgewb" to the wheel group in your /etc/group file.
b) Make use of the "username map" facility. In your smb.conf file [globals] section, add:
username map = /etc/samba/smbusers
In /etc/samba/smbusers:
root = Administrator georgewb
This means the when "georgewb" logs on, he will be the Domain Administrator.
|
