Requiring root to join a domain w/ W2K
KEVIN G. CURRIE
currie at shrike.lab2.cc.wmich.edu
Tue Oct 23 07:41:04 GMT 2001
I posted a question about this back in May; however, there does not seem
to be any progress towards a solution.
On our campus we have a few departments that are currently running NT4
labs which are using Samba's PDC support to authenticate login's. These
labs are screaming at IT that they need to be able to run Windows 2000.
There are enough computers though that having IT go onsite and every
time a machine needs to be joined to the domain is simply not an option.
We don't consider giving the departments the root password for Samba
(even if it is different than the unix root password) an option either.
I've come to the realization that this is, understandably, a low
priority item right now for the Samba developers. However, this is
something that is going to have to be implemented, even if it's just a
quick hack, at our site. I have no problem doing the work. After
wading through debug logs and the Samba code for the last day and a
half, the closest I can come to where machine account passwords are
being changed is the two functions:
pdb_set_nt_passwd
pdb_update_sam_account
I haven't been able to track down where the authentication and
authorization to update the machine passwords is being checked though.
Can some one who knows the code steer me in the write direction?
Thanks,
Kevin
--
phew, for a minute there i lost myself.
More information about the samba-technical
mailing list