As stated, the focus in most of this chapter is on use of the net rpc family of operations that are supported by Samba. Most of them are supported by the net ads mode when used in connection with Active Directory. The net rap operating mode is also supported for some of these operations. RAP protocols are used by IBM OS/2 and by several earlier SMB servers.

Samba's net tool implements sufficient capability to permit all common administrative tasks to be completed from the command line. In this section each of the essential user and group management facilities are explored.

Samba-3 recognizes two types of groups: domain groups and local groups . Domain groups can contain (have as members) only domain user accounts. Local groups can contain local users, domain users, and domain groups as members.

The purpose of a local group is to permit file permission to be set for a group account that, like the usual UNIX/Linux group, is persistent across redeployment of a Windows file server.