From fbe0299e54df9173859182fad0071c7a3217b403 Mon Sep 17 00:00:00 2001 From: David O'Neill Date: Fri, 5 Jan 2001 17:50:50 +0000 Subject: Merge of documentation updates to HEAD. These got missed somewhere along the way. (This used to be commit afad150bacfd02ec83c57ea9ba9152ff59fb7eee) --- docs/textdocs/samba-pdc-howto.txt | 33 +++++++++++++++++++++------------ 1 file changed, 21 insertions(+), 12 deletions(-) (limited to 'docs/textdocs/samba-pdc-howto.txt') diff --git a/docs/textdocs/samba-pdc-howto.txt b/docs/textdocs/samba-pdc-howto.txt index 0073d2947b..5ed15cdf4a 100644 --- a/docs/textdocs/samba-pdc-howto.txt +++ b/docs/textdocs/samba-pdc-howto.txt @@ -7,7 +7,7 @@ David Bannon _________________________________________________________________ _________________________________________________________________ - Comments, corrections and additions to + Comments, corrections and additions to This document explains how to setup Samba as a Primary Domain Controller and applies to version 2.2.0. Before using these functions @@ -251,7 +251,7 @@ A sample conf file encrypt passwords = yes domain logons =yes logon script = scripts\%U.bat - domain admin users = root dbannon andrew + domain admin group = @adm add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/n ull -s /bin/false %m$ guest account = ftp @@ -287,10 +287,17 @@ PDC Config Parameters and the other parameters are chosen as suitable for a machine account. Works for RH Linux, your system may require changes. + domain admin group = @adm + This parameter specifies a unix group whose members will be + granted admin privileges on a NT workstation when logged onto + that workstation. See the section called Domain Admin Accounts. + domain admin users = user1 users2 - This parameter specifies a unix user who will be granted admin - privileges on a NT workstation when logged onto that - workstation. See the section called Domain Admin Accounts. + It appears that this parameter does not funtion correctly at + present. Use the 'domain admin group' instread. This parameter + specifies a unix user who will be granted admin privileges on a + NT workstation when logged onto that workstation. See the + section called Domain Admin Accounts. encrypt passwords = yes This parameter must be 'yes' to allow any of the recent service @@ -462,16 +469,18 @@ Domain Admin Accounts Samba 2.2 recognizes particular users as being domain admins and tells the NTws when it thinks that it has got one logged on. In the smb.conf - file we declare that the Domain Admin users = user1 user2. Any user - mentioned here will be treated as a Domain Admin by a NTws when logged - onto the Domain. They will have full Administrator rights including - the rights to change permissions on files and run the system utilities - such as Disk Administrator. + file we declare that the Domain Admin group = @adm. Any user who is a + menber of the unix group 'adm' is treated as a Domain Admin by a NTws + when logged onto the Domain. They will have full Administrator rights + including the rights to change permissions on files and run the system + utilities such as Disk Administrator. Add users to the group by + editing /etc/group/. You do not need to use the 'adm' group, choose + any one you like. Further, and this is very new, they will be allowed to create a new machine account when first connecting a new NT or W2K machine to the - domain. At present, ie pre-release, only a Domain Admin who also - happens to be root can do so. + domain. However, at present, ie pre-release, only a Domain Admin who + also happens to be root can do so. _________________________________________________________________ Chapter 4. Profiles, Policies and Logon Scripts -- cgit