Re: Samba: assign domain group policy through Samba tools?

To: debian-user <debian-user@lists.debian.org>
Subject: Re: Samba: assign domain group policy through Samba tools?
From: "Karsten M. Self" <kmself@ix.netcom.com>
Date: Sat, 22 May 2004 01:34:07 -0700
Message-id: <[🔎] 20040522083407.GK10779@ix.netcom.com>
Mail-followup-to: debian-user <debian-user@lists.debian.org>
In-reply-to: <[🔎] 20040521004006.GA20030@rtcmarketing.com>
References: <[🔎] 20040517103837.GE9820@ix.netcom.com> <[🔎] 20040521004006.GA20030@rtcmarketing.com>

on Thu, May 20, 2004 at 06:40:06PM -0600, CW Harris (charris@rtcmarketing.com) wrote:
> On Mon, May 17, 2004 at 03:38:37AM -0700, Karsten M. Self wrote:


> > I'm stuck on creating a group profile at the domain level, though.
> 
> Okay. I haven't done this so just some info you might have missed, or
> might help you.
> 
> From: http://us3.samba.org/samba/docs/man/guide/happy.html#ch6-massive
>  At this time, Samba-3 requires that on a PDC all UNIX (Posix) group
>  accounts that are mapped (linked) to Windows Domain Group accounts must
>  be in the LDAP database.
> 
> This does not actually say it, but I think I read somewhere that Samba
> as a PDC requires LDAP to support the Active Directory functions.?

Yeah.  I see a lot of catting around the issue, but no outright
statement.  At the least, it would seem I need an LDAP backend.  Pity.
 
> Also, this might be some help:
> http://us3.samba.org/samba/docs/man/howto/PolicyMgmt.html#id2577673
> 
> Apparently, part of the GPO is stored directly on the Active Directory.
> See also the section: Administration of Windows 200x/XP Policies" for
> some steps on editting the GPO's using the MMC snap-in. (Who at MS
> thinks of these names?)
> 
> Anyway, HTH.  I was all set when we got a small number of XP boxen at my
> work to play around with the PDC thing, only to realize how much MS
> changed the structure with 2000/XP.  I tired out trying to figure it out
> for such a small number of users.  I figured by the time I got it
> working, MS would release Windows eXtra-eXtra-Pain and it wouldn't work
> again.

No!  They wouldn't do *that*!  Never!

> > 
> > The goal is to have a single point at which I can make
> > additions/deletions to Desktop, Start Menu, "Favorites" (bookmarks),
> > Startup, etc.  As well as making some registry edits (allowed/disallowed
> > apps).
> > 
> > 
> > I've copied the profile itself, through one of the XP clients, to a
> > directory under my [profiles] share on the Samba server.
> 
> My quick read seems to indicate it needs to be in the [netlogon] share?

I think you're right here.
 
> > What I don't see is a way to make the association between this
> > profile and the group ("members") which I'd like to have use this.
> 
> Again, seems to be in the GPO that you define as in the reference
> above, but then I haven't done this so maybe I'm just background noise
> in the list.
 
 
> Good luck.

Thanks, I'll need it.  Along with some hair dye and a masseuese


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    See! The Cliffs of Insanity!
    - Princess Bride

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Samba: assign domain group policy through Samba tools?
  - From: "Karsten M. Self" <kmself@ix.netcom.com>
- Re: Samba: assign domain group policy through Samba tools?
  - From: CW Harris <charris@rtcmarketing.com>

Prev by Date: Re: cdrom does not un-mounts
Next by Date: new e-mail address
Previous by thread: Re: Samba: assign domain group policy through Samba tools?
Next by thread: Increasing Partition size.
Index(es):
- Date
- Thread