svn commit: samba r5180 - branches/SAMBA_3_0/source/rpc_server
Gerald (Jerry) Carter
jerry at samba.org
Thu Feb 3 03:50:13 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, 2 Feb 2005, Guenther Deschner wrote:
> Hi Andrew,
> On Thu, Feb 03, 2005 at 07:43:07AM +1100, Andrew Bartlett wrote:
> > > Log:
> > > Call the "add machine script" to create all kinds of trust accounts
> > > (this restores old behaviour). Fixes #2291.
> > I agree on the scripts part, but I'm not sure you should be using:
> > se_priv_copy( &se_rights, &se_machine_account );
> > The point here is to ensure that users with 'add machines to the domain'
> > can only add workstations, not BDCs and Domains. I may be off-base
> > here, but I think we just need two 'ifs'. The script to call and the
> > rights to use are different.
> Yes, sure. This is what I already asked Jerry in the bugreport.
> Another point: We are probably no longer able to create
> interdomain-trusts in the correct location from usrmgr. Testing that
Thanks for the fix Guenther. Apparently I was trying to work on too many
bugs concurrently yo make sense of this one.
I think you are both correct in that the add.*script test and
determining which rights to test should be separate conditions.
So the question is what rights make sense to create domain trusts ?
I'm inclined towards Domain Admins membership. I can fix this up
pretty quickly once we decide what is the corrcet behavior.
One more thing, maybe i've just forgotten but what exactly is the
different between thw workstation trust and server trusts types ?
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
-----END PGP SIGNATURE-----
More information about the samba-technical