Just a few comments about this fragment: > # [20domainadmingroup] > # This parameter is intended as a temporary solution to enable > # users to be a member of the "Domain Admins" group when a Samba > # host is acting as a PDC. > domain admin group = @admin
The domain admin group parameter "accepts a list of usernames and of group names in standard smb.conf notation", and I recall reading (I can't seem to find it now) that this was replacing the domain admin user. Therefore, a fragment called 20domainadmins that had the following should work to replace 20domainadmingroup and 20domainadminusers: domain admin group = @admin root admin I have intentionally left Administrator off the list for security reasons, as anybody wanting to attempt to secure a WinNT/2000 machine should rename that account in the early stages of setting up the machine. Also, I have replaced the commas with spaces, as this is what the examples in man smb.conf. It probably doesn't make a difference, but I like to stick to established convention. David M. Brown Frick, Frick & Jetté Architects [EMAIL PROTECTED] -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
