Smb multi-sessions, samba3.0.2pre1
Jianliang Lu
j.lu at tiesse.com
Wed Jan 21 11:04:26 GMT 2004
> On Wed, 2004-01-21 at 01:54, Jianliang Lu wrote:
>
> Using 'admin users' to get around the 'ldap as not root' issue is the
> wrong fix. The real thing we need to do is properly implement the
> required ACLs etc, so that we don't need such ugly hacks.
>
> Andrew Bartlett
>
The problem is that the smbldap-tools need the uid=0 to run. When I use
usrmgr to create a new user I'll get a access denied in run "add user
script"(smbldap-useradd.pl) if the user has not uid=0. If we deal with "add
scripts" using uid=0 may overcome this problem (only for ldap backend).
Another problem is for nested group. If a user would have privileges to
manager users (like create new user) it must be a member of builtin
group "Administrators" or "Account operators", but I don't know if a
globalgroup (like "Domain Admins") could be a member of such group to have
these privileges.
My question is: how can we do to have the users which have uid not 0 and have
the privileges to manage the user account using "User Manager for Domain"?
Jianliang Lu
TieSse s.p.a. Ivrea (To) - Italy
j.lu at tiesse.com luj at libero.it
http://www.tiesse.com
More information about the samba-technical
mailing list