Monday, January 10, 2005

Setting up Samba to recognize a Linux group as a Domain Administrator group

When Samba acts as a Primary Domain Controller (PDC), it is important to map Linux groups to Windows groups so that you do not have to use the root user to perform Domain Administrator functions. The tool for this task is groupmap, part of the net command set. Groupmap maps any Linux group to any Windows group, which lets the systems administrator designate one group to function as Domain Administrators and another to act as Domain Users. In the following commands, I'll demonstrate how I map the Linux group smb_users to the Windows Domain Users group and the Linux group smb_admins to the Windows group Domain Administrators. I am assuming that the Linux groups have already been created.

See what the current mapping status is:

net groupmap list

Map the Domain Admins group:

net groupmap set "Domain Admins" "smb_admins"

Map the Domain Users group:

net groupmap set "Domain Users" "smb_users"

Verify that the mapping worked:

net groupmap list

Now, you must restart Samba for the changes to take effect. This will allow you to use members of the Domain Admins group to add machines to the domain and administer machines on the domain.
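The verification step can be scripted so that a changed or missing mapping on the privileged group is caught automatically. The following is an added example, not part of the original post: it assumes each line of net groupmap list has the form "NT name (SID) -> unixgroup", keys on the well-known RIDs 512 (Domain Admins) and 513 (Domain Users), and uses a constructed sample listing with made-up SIDs; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: check that the privileged domain groups map to the intended
# Linux groups. Assumed line format:  NT Group Name (SID) -> unixgroup

# unix_group_for_rid RID
# Reads a groupmap listing on stdin and prints the Unix group mapped to the
# domain SID whose last component is exactly RID.
unix_group_for_rid() {
    sed -n "s/^.*(S-1-5-21-[0-9-]*-$1) -> \(.*\)\$/\1/p"
}

# check_mapping RID EXPECTED_UNIX_GROUP LISTING
# Returns 0 when the RID maps to the expected group, 1 otherwise.
check_mapping() {
    actual=$(printf '%s\n' "$3" | unix_group_for_rid "$1")
    if [ "$actual" = "$2" ]; then
        echo "OK: RID $1 -> $actual"
        return 0
    fi
    echo "MISMATCH: RID $1 -> '${actual:-unmapped}', expected '$2'" >&2
    return 1
}

# Constructed sample listing (SIDs are made up) so the script runs offline.
SAMPLE_LISTING='Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> smb_admins
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> smb_users
Domain Guests (S-1-5-21-1111111111-2222222222-3333333333-514) -> nobody'

# On the PDC, supply the live listing instead:
#   GROUPMAP_LISTING=$(net groupmap list) sh this_script.sh
GROUPMAP_LISTING=${GROUPMAP_LISTING:-$SAMPLE_LISTING}

check_mapping 512 smb_admins "$GROUPMAP_LISTING"   # Domain Admins
check_mapping 513 smb_users  "$GROUPMAP_LISTING"   # Domain Users
```

Because every member of smb_admins becomes a domain administrator, review that group's membership (for example with getent group smb_admins) whenever this check is run.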
