samba4 rights management
gouders at et.bocholt.fh-gelsenkirchen.de
Wed Sep 28 04:26:45 MDT 2011
I am not sure how to do correct rights management with samba4 and am
unsure which parts of samba3 still apply.
I want a user account to be able to create and modify computer accounts
and ideally just that. In w2k such a user has been a member of "account
operators" but such a user in samba4 could not create new computer
accounts but only modify existing ones. When I added the user account
to "domain admins" it was able to create computer accounts but that is
not what I want.
In the samba3 doku I read about granting SeMachineAccountPrivilege with
"net rpc" to a user which I am currently testing but I do not find this
added right information in the user's LDAP entry and I am wondering if
there is some attribute in LDAP that I can use to reach the same goal.
More information about the samba-technical