Re: Samba: assign domain group policy through Samba tools?

To: debian-user <debian-user@lists.debian.org>
Subject: Re: Samba: assign domain group policy through Samba tools?
From: CW Harris <charris@rtcmarketing.com>
Date: Thu, 20 May 2004 18:40:06 -0600
Message-id: <[🔎] 20040521004006.GA20030@rtcmarketing.com>
Mail-followup-to: debian-user <debian-user@lists.debian.org>
In-reply-to: <[🔎] 20040517103837.GE9820@ix.netcom.com>
References: <[🔎] 20040517103837.GE9820@ix.netcom.com>

On Mon, May 17, 2004 at 03:38:37AM -0700, Karsten M. Self wrote:
> I'm using Samba as a PDC on a domain with ten WinXP Pro clients, on
> Debian testing/unstable.
> 
> Basic shares work great.  
> 
> Getting the domain stuff set up was a bit trickier, but the OS News
> article[1] and (once I realized the difference between 2.x and 3.x) docs
> under /usr/share/doc/samba-doc/htmldocs/ were invaluable.  Tricky bit
> was creating and mapping groups/users via 'groupadd' and 'net groupmap'.
> 
> Printing through CUPS + Samba was a nightmare, but I was under the
> delusion it worked when I left work Friday night.  Erm.  Saturday
> morning.  Post-sunrise.  Tricky bit was adding printer support via
> 'cupsaddsmb', and deciphering error output (stderr and logs).
> 
> 
> I'm stuck on creating a group profile at the domain level, though.

Okay. I haven't done this so just some info you might have missed, or
might help you.

From: http://us3.samba.org/samba/docs/man/guide/happy.html#ch6-massive
 At this time, Samba-3 requires that on a PDC all UNIX (Posix) group
 accounts that are mapped (linked) to Windows Domain Group accounts must
 be in the LDAP database.

This does not actually say it, but I think I read somewhere that Samba
as a PDC requires LDAP to support the Active Directory functions.?

Also, this might be some help:
http://us3.samba.org/samba/docs/man/howto/PolicyMgmt.html#id2577673

Apparently, part of the GPO is stored directly on the Active Directory.
See also the section: Administration of Windows 200x/XP Policies" for
some steps on editting the GPO's using the MMC snap-in. (Who at MS
thinks of these names?)

Anyway, HTH.  I was all set when we got a small number of XP boxen at my
work to play around with the PDC thing, only to realize how much MS
changed the structure with 2000/XP.  I tired out trying to figure it out
for such a small number of users.  I figured by the time I got it
working, MS would release Windows eXtra-eXtra-Pain and it wouldn't work
again.

> 
> The goal is to have a single point at which I can make
> additions/deletions to Desktop, Start Menu, "Favorites" (bookmarks),
> Startup, etc.  As well as making some registry edits (allowed/disallowed
> apps).
> 
> 
> I've copied the profile itself, through one of the XP clients, to a
> directory under my [profiles] share on the Samba server.

My quick read seems to indicate it needs to be in the [netlogon] share?

> 
> What I don't see is a way to make the association between this profile
> and the group ("members") which I'd like to have use this.

Again, seems to be in the GPO that you define as in the reference above,
but then I haven't done this so maybe I'm just background noise in the
list.

<snip> 

Good luck.

-- 
Chris Harris <charris@rtcmarketing.com>
-------------------------------------------
GNU/Linux --- The best things in life are free.

Reply to:

Follow-Ups:
- Re: Samba: assign domain group policy through Samba tools?
  - From: "Karsten M. Self" <kmself@ix.netcom.com>

References:
- Samba: assign domain group policy through Samba tools?
  - From: "Karsten M. Self" <kmself@ix.netcom.com>

Prev by Date: Update: Dell GX270 Video
Next by Date: Re: Dynamic DNS Setup
Previous by thread: Samba: assign domain group policy through Samba tools?
Next by thread: Re: Samba: assign domain group policy through Samba tools?
Index(es):
- Date
- Thread