Re: Samba: assign domain group policy through Samba tools?

From: Karsten M. Self (kmself_at_ix.netcom.com)
Date: 05/22/04

    Date: Sat, 22 May 2004 01:34:07 -0700
    To: debian-user <debian-user@lists.debian.org>
    
    
    

    on Thu, May 20, 2004 at 06:40:06PM -0600, CW Harris (charris@rtcmarketing.com) wrote:
    > On Mon, May 17, 2004 at 03:38:37AM -0700, Karsten M. Self wrote:

    > > I'm stuck on creating a group profile at the domain level, though.
    >
    > Okay. I haven't done this so just some info you might have missed, or
    > might help you.
    >
    > From: http://us3.samba.org/samba/docs/man/guide/happy.html#ch6-massive
    > At this time, Samba-3 requires that on a PDC all UNIX (Posix) group
    > accounts that are mapped (linked) to Windows Domain Group accounts must
    > be in the LDAP database.
    >
    > This does not actually say it, but I think I read somewhere that Samba
    > as a PDC requires LDAP to support the Active Directory functions.?

    Yeah. I see a lot of catting around the issue, but no outright
    statement. At the least, it would seem I need an LDAP backend. Pity.
     
    > Also, this might be some help:
    > http://us3.samba.org/samba/docs/man/howto/PolicyMgmt.html#id2577673
    >
    > Apparently, part of the GPO is stored directly on the Active Directory.
    > See also the section: "Administration of Windows 200x/XP Policies" for
    > some steps on editing the GPOs using the MMC snap-in. (Who at MS
    > thinks of these names?)
    >
    > Anyway, HTH. I was all set when we got a small number of XP boxen at my
    > work to play around with the PDC thing, only to realize how much MS
    > changed the structure with 2000/XP. I tired out trying to figure it out
    > for such a small number of users. I figured by the time I got it
    > working, MS would release Windows eXtra-eXtra-Pain and it wouldn't work
    > again.

    No! They wouldn't do *that*! Never!

    > >
    > > The goal is to have a single point at which I can make
    > > additions/deletions to Desktop, Start Menu, "Favorites" (bookmarks),
    > > Startup, etc. As well as making some registry edits (allowed/disallowed
    > > apps).
    > >
    > >
    > > I've copied the profile itself, through one of the XP clients, to a
    > > directory under my [profiles] share on the Samba server.
    >
    > My quick read seems to indicate it needs to be in the [netlogon] share?

    I think you're right here.
     
    > > What I don't see is a way to make the association between this
    > > profile and the group ("members") which I'd like to have use this.
    >
    > Again, seems to be in the GPO that you define as in the reference
    > above, but then I haven't done this so maybe I'm just background noise
    > in the list.
     
     
    > Good luck.

    Thanks, I'll need it. Along with some hair dye and a masseuse.

    Peace.

    -- 
    Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
     What Part of "Gestalt" don't you understand?
        See! The Cliffs of Insanity!
        - Princess Bride
    
    
