net ads join without an admin account
ndb at theghet.to
ndb at theghet.to
Mon Dec 1 15:59:55 GMT 2003
I've gotten Samba 3 ADS working but I have a question about the method
used for the net ads join.
When I use security=ads and add a machine to the realm via net ads join
"some/container" smbd shows that it tries to add it to the realm but
since it exists, it deletes it and then readds it. When I do this is
as an Adminstrator, its not a problem because he has full access to the
Container. So he can delete it and readd it without any problems. In
our network enviroment, we want to be able to give users the ability to
ladd their machines to the realm but not as an Administrator of the
container so we give them admin rights to their machine. so they can
delete the machine but not readd it. When I was using winbind for
authentication and doing something like smbpasswd -j domain -r host -U
someuser it wouldnt delete the machine from the domain. The users only
had access to their own machine.
So my question is, is it possible that when you do a net ads join does
it have to delete the machine or can smbd just edit it?
Does anyone else have another solution so that I dont have to give out
admin accounts to the container?
ndb
More information about the samba-technical
mailing list