On Fri, 5 Oct 2001, Darrell May wrote:
> # [11passwdchat] > # Added to correctly sync Windows/Samba/Unix passwords > unix password sync = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n > *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n > *passwd:*all*authentication*tokens*updated*successfully* This will work for now, but isn't rebust against any change in the behaviour of the passwd program. In particular, a return to the traditional passwd chat (i.e. not duplicated) would break this. The return to "traditional" would require a change in PAM configuration, and would require a compatible change in e-smith-lib. > # [11strictlocking] > # This is a boolean that controls the handling of file locking in the > # server. > strict locking = no Since "strict locking" defaults to no, this fragment is not necessary. My preference is that defaults are omitted from the file: - keep the config as small and simple as possible. - if the default changes, we are more likely to want to track the change than not. - if the parameter becomes redundent, we don't want to have it listed here. > # [11timeserver] > # This permits domain workstations to sync time from the server. > time server = yes This is not the default. "This parameter determines if nmbd advertises itself as a time server to Windows clients." Does anyone know what type of time service this advertises? This setting isn't necessary for "net time //server set" to be used in a logon script. > # [20domainadmingroup] > # This parameter is intended as a temporary solution to enable > # users to be a member of the "Domain Admins" group when a Samba > # host is acting as a PDC. > domain admin group = @admin > > # [20domainadminusers] > # This is a list of users who will be granted administrative > # privileges on the domain > domain admin users = root,admin,Administrator I think that this should also be: domain admin group = @admin I would rather not accept the "Administrator" user - administrators on an SME server network will become used to using the "admin" username and password - I see no reason to support a habit of using "Administrator" - and there are good reasons to discourage it. > # [61Profilesshare] > # This is the WinNT/W2K Profiles share > # WinNT/W2K profiles are stored in /home/e-smith/files/Profiles/~user > # Win9x profiles are stored in ~user/.profiles > [Profiles] > path = /home/e-smith/files/Profiles > writeable = yes > browseable = no > create mask = 777 > directory mask = 777 Are those masks correct? -- Charlie Brady [EMAIL PROTECTED] Lead Product Developer Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
