tags 462045 -wontfix thanks On Tue, Jan 13, 2009 at 07:13:23PM +0100, Christian Perrier wrote: > > Currently the default Samba install assumes you wish to either be a PDC > > or a standalone server (things could be setup so it asks you if Samba > > shluld be a BDC or Domain member, but there are not).
> > In either case the following Windows groups need to exist: > > - Domain Admins > > - Domain Users > > - Domain Guests > > Each of these groups has a well-known Unix group equivalent, (ntadmins, > > users and nogroup) respectively. > > It would be good if: > > - these Unix groups (ntadmins, users and nogroup) were added if > > they went not present. > Well, that's contradictory. In one sentence, you mention these groups > to be "well-known groups"....but, later, you suggest adding them if > they don't exist. > It is my understanding that "well-known groups" are groups that have a > significant-enough prevalence to be added in base-passwd.... If these > ones aren't, they're not well-known enough The 'users' and 'nogroup' groups are both part of base-passwd, so there would be no need to add these in the maintainer script. Only the 'ntadmin' group is questionable. It's given as an example group name in smb.conf, but I don't think we can reasonably assume that it's ok to automatically map it as 'Domain Admins' if it exists on the target system, since a user may have created it for some *other *purpose. > > > > - these mappings were automatically added into Samba > > (net groupmap add ntgroup="Domains Admins" unixgroup="ntadmins" > > rid=512 type=d, etc.) > More generally speaking, I think that such tweaking belongs to the > local administrator and providing this for all users of the samba > package would certainly have weird side effects. > Therefore, I don't think we should implement this. Other maintainers, > please untag this bug if you disagree. I disagree, so untagging. I think it would be reasonable to set up the Domain Users / Domain Guests mappings by default on a first install. I may be convinced otherwise by the time we go to implement it, but at least for the moment I think it's worth looking at. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slanga...@ubuntu.com vor...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
