Re: [Samba] Internet Explore/ Domain Groups

2003-11-06 Thread Richard Ssekibuule
I upgraded my PDC to Samba 3.0, but I am still facing group management problems.
I did the group mappings, but I can't join computers to the domain using a normal
user account with admin rights.
I changed the backend db to tdbsam, but I still failed.

USRMGR.EXE can read the contents of my domain, but cannot make any changes to
it.
1. When I try to enable "User Cannot Change Password" I get the error: The
procedure number is out of range

2. When I try to add users to a group, I get Incorrect function Group name 
not found errors.

Grateful for your help.

Richard.


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Internet Explorer

2003-10-29 Thread Richard Ssekibuule
Thanks big time for your advice.
The solution is clearer now.
Richard.

On Wednesday 29 October 2003 21:49, rruegner wrote:
 Hi,
 I am not sure if I understand you correctly, but
 this is the magic to make squid work transparently:
 #transproxy feature, very cool content filtering can be done with squidguard
 #iptables -t nat -A PREROUTING -i eth2 -s ! 10.10.10.2 -p tcp --dport 80 -j DNAT --to 10.10.10.2:3128
 #iptables -t nat -A POSTROUTING -o eth2 -s 10.10.10.0/24 -d 10.10.10.2 -j SNAT --to 10.10.10.2
 #iptables -A FORWARD -s 10.10.10.0/24 -d 10.10.10.2 -i eth2 -o eth2 -p tcp --dport 3128 -j ACCEPT
 For sure you have to enable additional stuff in squid.conf and change the
 settings in the example above to your needs (study man squid).
 As you know, changing settings for IE is, I think, only allowed for
 power users (but I am not sure at the moment),
 but in fact if your users can't change it they have no permission too (win
 stuff).
 I think if you want to give them the permission to change IE settings
 you have to give them
 higher priority on their local workstations (like superuser etc.). Not
 all users are equal in their needs!
 But as I remember, I never had a problem with that if you store their
 profiles in their homes on samba (when I use this old distro setup).
 But in version 2.2.5 there is no valid group mapping between samba /
 unix and windows;
 therefore, and for other reasons (security), you should upgrade to samba 3
 (load it from ftp.suse.com people gd).
 Then you can build a nearly equal NT4 PDC with group mapping.
 Match the groups with this bash script:
 #!/bin/bash
 # NT group names containing spaces must be quoted, otherwise the shell
 # splits them into separate arguments.

 net groupmap modify ntgroup="Domain Admins" unixgroup=root
 net groupmap modify ntgroup="Domain Users" unixgroup=users
 net groupmap modify ntgroup="Domain Guests" unixgroup=nobody
 net groupmap modify ntgroup="Administrators" unixgroup=ntadmin
 net groupmap modify ntgroup="Users" unixgroup=users
 net groupmap modify ntgroup="Guests" unixgroup=nobody
 net groupmap modify ntgroup="System Operators" unixgroup=sys
 net groupmap modify ntgroup="Account Operators" unixgroup=ntadmin
 net groupmap modify ntgroup="Backup Operators" unixgroup=bin
 net groupmap modify ntgroup="Print Operators" unixgroup=lp
 net groupmap modify ntgroup="Replicators" unixgroup=daemon
 net groupmap modify ntgroup="Power Users" unixgroup=sys

 You can then use USRMGR.EXE to create users, groups etc.
 In my setup this works fine; with NT policies I am able to give
 different users/groups to different proxies and fine-tune the content
 filtering, e.g. adults and kids.
 Adding machines on the fly to samba 3 works now too.
 Study the new FAQs for samba.
 Note that the out-of-the-box version from SuSE is not valid for a good
 working PDC
 (for 700 users you should use LDAP with samba, not smbpasswd).
 Good Luck
 Best Regards

 - Original Message -
 From: Richard K Ssekibuule [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Wednesday, October 29, 2003 7:11 PM
 Subject: [Samba] Internet Explorer

  I have successfully set up a samba 2.25 PDC on SuSE8.1 for my 700 users.
  My problem: These users cannot change their Internet Explorer proxy
  setting.

  Question: How can I grant rights to change Internet explorer settings
  without compromising administrative security?
 
  My kernel cannot do transparent proxy, but I use squid to schedule users
  Internet access.
  The server running squid is different from the one running squid/gateway.
 
  Thanks in advance.
 
  Richard.
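
Added example, not part of the original thread: the script quoted above maps several NT groups onto the same Unix group and onto stock system groups, and a mapped NT group takes its members from the Unix group behind it. This check parses `net groupmap list` output (assumed format `NT group (SID) -> unixgroup`) and reports both cases; the function names, the sample listing with its placeholder domain SID, and the default system-group list are assumptions.

```shell
#!/bin/sh
# Added example: audit `net groupmap list` output for risky mappings.
# Assumed line format: NT group name (SID) -> unixgroup

# Constructed listing mirroring the mappings in the script quoted above;
# the domain SID is a made-up placeholder.
sample_groupmap() {
cat <<'EOF'
Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> root
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> users
Domain Guests (S-1-5-21-1111111111-2222222222-3333333333-514) -> nobody
Administrators (S-1-5-32-544) -> ntadmin
Users (S-1-5-32-545) -> users
Guests (S-1-5-32-546) -> nobody
Power Users (S-1-5-32-547) -> sys
Account Operators (S-1-5-32-548) -> ntadmin
System Operators (S-1-5-32-549) -> sys
Print Operators (S-1-5-32-550) -> lp
Backup Operators (S-1-5-32-551) -> bin
Replicators (S-1-5-32-552) -> daemon
EOF
}

# Unix groups that back more than one NT group: the NT groups listed on one
# line all draw their members from that single Unix group.
shared_unix_groups() {
  awk -F' -> ' '
    { nt = $1; sub(/ \(S-[0-9-]+\)$/, "", nt)
      count[$2]++
      names[$2] = (names[$2] == "" ? "" : names[$2] ", ") nt }
    END { for (g in count) if (count[g] > 1) print g ": " names[g] }' | sort
}

# NT groups backed by a stock system group. The default name list is an
# assumption; pass the groups that own system files on your host instead.
system_group_mappings() {
  awk -F' -> ' -v sysgroups="${1:-root bin daemon sys lp}" '
    BEGIN { split(sysgroups, a, " "); for (i in a) is_sys[a[i]] = 1 }
    ($2 in is_sys) { nt = $1; sub(/ \(S-[0-9-]+\)$/, "", nt); print nt " -> " $2 }'
}

# On a live PDC, feed the functions from `net groupmap list` instead.
sample_groupmap | shared_unix_groups
sample_groupmap | system_group_mappings
```

Each line from `shared_unix_groups` is a set of NT groups that cannot be given different members until they point at separate Unix groups.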