Feature #434
Enhanced PDC support
0%
Description
From JanJacobs:
After searching and trying, I finally found some stuff that enables us to do more with PDC:
Upon activation of the PDC feature, the script has to run the following commands; I think this is best done through hdactrl:
groupadd ntadmins
groupadd ntusers
groupadd ntguests
net groupmap add ntgroup="Domain Guest" unixgroup=ntguests rid=514 type=d
net groupmap add ntgroup="Domain User" unixgroup=ntusers rid=513 type=d
net groupmap add ntgroup="Domain Administrator" unixgroup=ntadmins rid=512 type=d
The above commands are all standard Linux commands; I tested them in my terminal, and they work.
Once this is done, Samba is set up for user groups. These groups can be existing unix groups, but I would rather keep them on special groups/accounts just for security purposes.
We also need to create a Domain Administrator.
I suggest this is done through the PDC tab on the dashboard; maybe add a textbox where the user can add a name (or perhaps choose a name for them?) and a password,
with a checkmark that activates this account.
So let's say the user entered DomainAdmin into the textbox; if he checks the box, the following has to occur:
The user has to be created in Samba, using normal procedures for adding users.
Also, the following command has to be executed:
useradd DomainAdmin -G ntadmins
The above command adds DomainAdmin to the Linux group ntadmins, which we mapped to Domain Administrator during the activation of the PDC.
Once this is done, you can join any client using DomainAdmin and the password they entered on the webpage.
Also, when we create normal users through the users tab, this command should be executed:
useradd <username> -G ntusers
This adds all the users we create to the default domain user.
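
The request above sends a name typed into a dashboard textbox to useradd, so the name needs checking before it reaches the command line. The following is an added example, not part of the original request or the project's code; the function names, the APPLY switch and the accepted character set are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not the project's own code.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-exact

# Accept only conservative login names: first character a letter or '_',
# then letters, digits, '_' or '-', at most 32 characters (assumed policy).
valid_username() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 32 ] || return 1
    case $name in
        [!A-Za-z_]*) return 1 ;;       # a leading '-' would be read as an option
        *[!A-Za-z0-9_-]*) return 1 ;;  # spaces, ';', '$', quotes, slashes, ...
    esac
    return 0
}

# Map the account type to the unix group named in the request.
group_for_role() {
    case $1 in
        admin) echo ntadmins ;;
        user)  echo ntusers ;;
        *)     return 1 ;;
    esac
}

# Print the useradd command for a role/name pair; run it when APPLY=1.
# Same effect as "useradd <name> -G <group>" from the request, with the
# options first and "--" so the name can never be parsed as an option.
# Arguments stay separate words; nothing is built into a string for eval.
add_domain_account() {
    role=$1 name=$2
    group=$(group_for_role "$role") || { echo "unknown role: $role" >&2; return 2; }
    valid_username "$name" || { echo "rejected name: $name" >&2; return 3; }
    if [ "${APPLY:-0}" = 1 ]; then
        useradd -G "$group" -- "$name"
    else
        printf 'useradd -G %s -- %s\n' "$group" "$name"
    fi
}
```

Without APPLY=1 the function only prints the command it would run, which lets the dashboard code path be exercised without root.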