Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: rosie on April 02, 2003, 11:27:01 PM
-
To maintain the primary web-site I always login on the SME Server through my Win XP client as admin using the standard Samba SME setup. I want to grant admin rights to be able to read and write in all the other users folders. How do I do that? Thanks!
-
Hi,
Try winscp.: http://winscp.vse.cz/eng/
Install it on your client computer and connect to your SME server as root.
Regards,
guestHH
-
WinSCP will work fine. However, I still would like to know if you can create domain-groups and have group rights/permissions inherited by members of the group like NT/W2k can. Is this possible?
So far, in order to grant admin access to a W2K Pro machine I have had to make the domain user a memeber of the local machine's administrator group. But with a NT,W2K domain controller you do not have to do this.
Thanks,
James
-
This solution requires the creation of a custom template fragment for the Samba configuration file, smb.conf.
1. Terminal into your SME server and login as root.
2. [root@sme5 /root]# pico /etc/e-smith/templates-custom/etc/smb.conf/11domainAdminGroup.
3. Paste, or type, the following into the 11domainAdminGroup text document. Don't forget the leading and trailing braces!!
{
# ------------------
# 11domainAdminGroup
# ------------------
# This parameter is intended as a temporary solution to enable
# users to be a member of the "Domain Admins" group when a Samba
# host is acting as a PDC. A complete solution will be provided
# by a system for mapping Windows NT/2000 groups onto UNIX groups.
# Please note that this parameter has a somewhat confusing name.
# It accepts a list of usernames and of group names in standard
# smb.conf notation.
return "" unless ($SambaDomainMaster eq "yes");
local %services = ( smb => $smb );
my $default = "admin";
my $smbDomainAdminGroup = db_get_prop(\%services, "smb", "DomainAdminGroup") || $default;
"domain admin group = \@$smbDomainAdminGroup";
}
4. Set the "domain admin group" in the configuration:
[root@sme5 /root]# /sbin/e-smith/config setprop smb DomainAdminGroup admin
-- or --
[root@sme5 /root]# /sbin/e-smith/config setprop smb DomainAdminGroup shared
5. Expand the template:
[root@sme5 /root]# /sbin/e-smith/expand-template /etc/smb.conf
6. Restart samba:
[root@sme5r /root]# /etc/rc.d/init.d/smb restart
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
Users will need to log-off client machines and re-log in for these changes to take effect.
-
Thanks, a lot Greg...this helps. One more question though...can other domain groups be created besides administrators and can we set unique rights/permissions to each?
-James
-
James,
No, not in the current version of Samba. Samba 2.x only understands the domain users and domain admins groups.
Samba 3.x, currently in alpha/beta, should break this barrier and provide a more transparent "windows" type domain, including active directory support. No clue as to when Samba 3.x will go production. It's been in alpha/beta for over a year now.
I've been toying contemplating installing Samba 3.x on a SME test box...
Greg Zartman
-
Greg (or anyone else reading)
Does the below steps work for SME 5.5? I was setting this up and everything was fine up until expanding the template:
>
> 5. Expand the template:
>
> [root@sme5 /root]# /sbin/e-smith/expand-template /etc/smb.conf
>
When this executed it came back with errors regarding line 13, which is
>
> return "" unless ($SambaDomainMaster eq "yes");
>
The error had something to do with a variable. Is the $SambaDomainMaster a valid variable in SME 5.5, and if not, where can it be created so that this solution will work? Or is it necessary to upgrade to SME 5.6?
Regards
John
-
Has anyone got this working on sme 5.6 yet
how do you fix the SambaDomainMaster problem (i.e see previous post)