linuxfan 14 wrote:
>
> PV, thanks for your help. I will look into the logon.bat file.
>
> I have finally gotten it to work as a domain. Not sure if its right or
> not, I seem to have alot of folders with the same user name in different
> locations. Maybe they are all linked paths somehow, but at least its a
> start and I can now tweak it and make it better.
>
<snip>
>
> 1 last question (for now at least)…
> PV,
> in this Samba3 link that I posted, I had to ntgroup a SID number for
> the windows user. Is this always the case when having a Samba server
> talk with a windows system? Also, I had to create a Domain Admin for
> the windows system, but didn’t do it on the windows system…it was
> all done on the server side. This doesn’t make sense to me, so was just
> looking for some lamens terminology. In my small mind, I was just
> hoping to create a username and password on the server side and then
> login from the windows system. Which is what I have done, but the
> whole windows Domain admin has me confused. This is all in chapter 9
> (9.2.1. Setting Up Domain Joins) if your interested in looking at it.
>
> Thanks again, I really appreciate it!
>
>
linuxfan;
Glad to see you got it working. There is no reason you actually need a logon
script, in fact I’ve rarely used it. However if you want windows to access a
share as a drive you do need it.
Windows has a number of groups that are builtin (e.g. Domain Admins, Domain
Users). In order for groups to work right and to satisfy the logic of Windows,
these groups need to be associated with a Linux/Unix group. The standard way
to do this is with “net groupmap”. See the manual entry under net; (man net).
What follows is a little shell script to set up this association. It is saved
in a file initGrps.sh which is made executable. Of course each of the commands
could be executed in a stand alone manner, but with my typing I would get them
wrong 50% of the time. This shell script allows be to edit everything first
before I commit. As an added benefit, once it is created you can run it every
time you setup a new domain. Only the first three entries are really needed,
the rest are fluff. If you have set up your own groups (e.g. sales,
engineering, management) you could associate the Windows group with a Linux
group. This is the contents of my init.Grps.sh:
#!/bin/bash
#initGrps.sh
#Map Windows Domain Groups to Unixgroups
net groupmap add rid=512 unixgroup=root type=d ntgroup=“Domain Admins”
net groupmap add rid=513 unixgroup=users type=d ntgroup=“Domain Users”
net groupmap add rid=514 unixgroup=nobody type=d ntgroup=“Domain Guests”
#Map Windows XP local groups to local UNIX groups
net groupmap add rid=544 unixgroup=root type=l ntgroup=“Administrators”
net groupmap add rid=545 unixgroup=users type=l ntgroup=“Users”
net groupmap add rid=546 unixgroup=nobody type=l ntgroup=“Guests”
net groupmap add rid=549 unixgroup=daemon type=l ntgroup=“System Operators”
net groupmap add rid=548 unixgroup=wheel type=l ntgroup=“Account Operators”
net groupmap add rid=551 unixgroup=bin type=l ntgroup=“Backup Operators”
net groupmap add rid=550 unixgroup=lp type=l ntgroup=“Print Operators”
net groupmap add rid=552 unixgroup=kmem type=l ntgroup=“Replicators”
net groupmap add rid=547 unixgroup=ntadmin type=l ntgroup=“Power Users”
I owe you an apology, when I read your first post I thought you were seeking
general information not information about a specific problem. Rereading that
post I can see that it was MY error. Had your first post been properly
understood you could have been up and running a lot faster. Please accept my
apology.
I still think you might find reading the “Samba3 by Example” reference I gave
you informative. This is kept up to date with an evolving Samba. If you need
additional help feel free to post. Next time I promise to get it right.
P. V.
“We have met the enemy an he is us” Pogo