Delegation of permissions

Lukasz Zalewski lukas at eecs.qmul.ac.uk
Thu Oct 11 02:38:35 MDT 2012


On 10/10/12 14:51, Marc Muehlfeld wrote:
> Am 10.10.2012 15:28, schrieb Lukasz Zalewski:
>> We have successfully delegated the privileges to our computers OU (by
>> allowing
>> creation of Computer objects) and new machines join without any problems.
>> Similarly we delegated the password change privilege to our users OU.
>
> Ok. This is good to know. What version are you using? I migrated from s3
> to beta4 and upgraded to rc1 and last night to rc2.
Hi Mark,
I'm currently running Version 4.1.0pre1-GIT-1bf209d but had this working 
for about a month or so (and had been updating regularly)
>
> I configured the delegation with ADUC. For computer accounts creation I
> followed this guide:
> http://robiulislam.wordpress.com/2012/02/07/delegate-non-admin-account-to-add-workstations-to-domain/

I have used ADUC to delegate them and more less the same instructions 
bar the definition of explicit permissions.
Looking at the permissions there seem to be few more granted then the 
ones listed in the guide.

>> Are you creating new computer accounts, or re-using existing ones?
>
> I tried automatically creation on joining and creating a new one in ADUC
> before. Both fails with the error I wrote here:
> https://bugzilla.samba.org/show_bug.cgi?id=9267#c0

I think modification of existing accounts might cause a problem 
(https://bugzilla.samba.org/show_bug.cgi?id=8909 - i believe you are on 
the cc list for this bug) but have not tested this in a while

How are you joining the machines to the domain? - are you explicitly 
defining the OU they should go to?

L


More information about the samba-technical mailing list