win2k joining Samba 2.2.2 PDC problems.
Eirik Thorsnes
Eirik.Thorsnes at fys.uib.no
Mon Dec 10 04:38:02 GMT 2001
On Monday 10 December 2001 13:16, you wrote:
> At 12:05 PM 12/10/01 +0000, Phil Chambers wrote:
> >When trying to join the client I used a username which is listed in my
> >"domain admin
> >group" list. Surely the point of this parameter is to provide non-root
> >access in
> >just this situation. The last thing I want to have to do is use my Unix
> > root password to join a client to the domain!
>
> Which is exactly what you need to do with NT (Administrator / Domain
> admin). You need to be able to read and write the smb password file so you
> need to be root, or at least someone who has access to do that. I agree,
> having root as an smb valid username is a security risk, but that's just
> the way these things work.
>
> Martyn Ranyard
Just a short note: remember that if you use encrypted passwords, you can have
different passwords for root in smbpasswd and passwd. (And thus creating an
own root account just for samba).
Eirik Thorsnes
P.S. Sorry for the direct email to M. Ranyard clicked a bit too fast
More information about the samba
mailing list