HP CIFS Server 3.0f Administrator's Guide verison A.02.03
Figure 3-6 Add UNIX Groups and Users
• You can type user and group names into the
Add Names
text field to add users and groups. If the
names are valid UNIX group or user names, the users and groups will be added.
• Optionally, add the Samba server name and a backslash to the beginning of the user or group name
and it will be added (for example,
server1\users1
). When you select names off the name list, the GUI
will put that name in the text list and automatically add the server name as well.
• Optionally use the user name mapping feature to define a mapping of NT user names (or domain
names) to UNIX user names. For example, you could map the NT user names administrator and admin
to the UNIX user name
root
. The mapping can be either one-to-one or many-to-one.
Samba supports the creation of ACEs with NT user names that are mapped to UNIX user names.
To continue the example above, you could create an ACE for the
administrator
user on the NT client
and, on the Samba server, the ACE would be created for the
root
user. The client will display the
corresponding ACE as being for the
root
user, not the
administrator
user.
If you add an ACE for one user name, like
administrator
and then display the list of ACEs and see a
new ACE for a different user name (root), it maybe confusing. As many NT user names can be mapped
to one UNIX user name, Samba only displays the one UNIX user name. It cannot display the NT name
that was mapped to the UNIX user name.
You also have to be careful not to create multiple conflicting ACEs for one UNIX user. For example, in the
NT GUI you might add an ACE for the user
administrator, admin
and
root
. But when you apply these changes,
Samba maps
administrator
and
admin
to the UNIX user
root
and the result is that Samba tries to add three
different ACEs, all for the user
root
, to one file. That is not valid and Samba ignores two of the three ACEs.
Selecting Names From the Samba Name List
The NT user names mapped to UNIX users will also be displayed when you press the
Show Users
button in
the
Add Users and Groups
dialog box. Every valid name that you add to an ACE is in the name list on the
Samba server (after you hit the
Show Users
button). You do not need to type in names or select names from
the NT domain list. If, however, you pick a name from the NT domain list and it happens to be a UNIX user
name on the Samba server, it will be added. This also applies to names that have a user name mapping in
Samba.
There is another reason HP recommends selecting names from the Samba server's list of names instead of
typing names in manually. There might be a UNIX group and a UNIX user with the same name. If you select
a name from the list, Samba knows whether you mean the user or the group. If you type the name in, there
is no way for you to specify the user or the group and Samba may add the ACE for a user when you meant
the UNIX group with the same name.
46 Managing HP-UX File Access Permissions from Windows NT/XP/2000