samba4 rights management

Dirk Gouders gouders at
Wed Sep 28 04:26:45 MDT 2011


I am not sure how to do correct rights management with samba4 and am
unsure which parts of samba3 still apply.

I want a user account to be able to create and modify computer accounts
and ideally just that.  In w2k such a user has been a member of "account
operators" but such a user in samba4 could not create new computer
accounts but only modify existing ones.  When I added the user account
to "domain admins" it was able to create computer accounts but that is
not what I want.

In the samba3 doku I read about granting SeMachineAccountPrivilege with
"net rpc" to a user which I am currently testing but I do not find this
added right information in the user's LDAP entry and I am wondering if
there is some attribute in LDAP that I can use to reach the same goal.



More information about the samba-technical mailing list