At this time there are many little surprises for the unwary administrator. In a real sense it is imperative that every step of automated control scripts must be carefully tested manually before putting them into active service.
#!/bin/bash net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmin net groupmap modify ntgroup="Domain Users" unixgroup=users net groupmap modify ntgroup="Domain Guests" unixgroup=nobody groupadd Orks groupadd Elves groupadd Gnomes net groupmap add ntgroup="Orks" unixgroup=Orks type=d net groupmap add ntgroup="Elves" unixgroup=Elves type=d net groupmap add ntgroup="Gnomes" unixgroup=Gnomes type=d
11.4.1 Adding Groups Fails
This is a common problem when the groupadd is called directly by the Samba interface script for the add group script in the smb.conf file.
The most common cause of failure is an attempt to add an MS Windows group account that has either an upper case character and/or a space character in it.
There are three possible work-arounds. First, use only group names that comply with the limitations of the UNIX/Linux groupadd system tool. Second, it involves the use of the script mentioned earlier in this chapter, and third is the option is to manually create a UNIX/Linux group account that can substitute for the MS Windows group name , then use the procedure listed above to map that group to the MS Windows group.
11.4.2 Adding MS Windows Groups to MS Windows Groups Fails
Samba-3 does not support nested groups from the MS Windows control environment.
11.4.3 Adding Domain Users to the Power Users Group
" What must I do to add Domain Users to the Power Users group ?" The Power Users group is a group that is local to each Windows 200x/XP Professional workstation. You cannot add the Domain Users group to the Power Users group automatically, it must be done on each workstation by logging in as the local workstation administrator and then using the following procedure: