[Samba] joining an NT PDC, WinNT user privileges

Daniel E. Coletti dcoletti at xtech.com.ar
Mon Nov 18 17:32:00 GMT 2002


El lun, 18-11-2002 a las 14:05, Chris McKeever escribió:
> I think once you do that command once...you are set forever...

Interesting ... I'll try this and I'll send the results...

thanks.

daniel///

> 
> -----Original Message-----
> From: Daniel E. Coletti [mailto:dcoletti at xtech.com.ar]
> Sent: Monday, November 18, 2002 10:59 AM
> To: Chris McKeever
> Subject: RE: [Samba] joining an NT PDC, WinNT user privileges
> 
> 
> El lun, 18-11-2002 a las 13:16, Chris McKeever escribió:
> > I just finished doing this myself (and now am trying to set it up at
> work).
> > Joining the computer to the domain smbpasswd -j (from the winbind man)
> justs
> > creates a computer account for the samba share..from my understanding,
> that
> > has nothing to do with the actual samba shares that will be
> implemented..so
> > you just need to use the smbpasswd -j command with a user account that has
> > enough priviledge to add a computer to the domain.
> 
> mhhh ... are you sure that this privilege is enough? Because I put only
> this privilege to the user I use, and the "unable to join DOMAIN"
> message showed at my screen. If I use another user (which has a lot of
> privileges) I can join the domain with no problems at all, the
> inconvinient is that I *cannot* use this user or a similiar user to do
> this, that's why I need to know the *exact* privileges this user needs.
> The NT security configuration is *pretty* tight, and to make things a
> little harder for me, I have no direct contact with the ``security''
> administrator of this PDC (I need to ask for changes via e-mail, you
> can't imagine how frustating is waiting a whole day in order to try
> another ``smbpasswd -j DOMAIN'').
> 
> Does the user you used to join the domain has *only* this privilege?
> (add a computer to domain)
> 
> daniel///
> 
> 
> 
> > 
> > The priviledges for files are created in the smb.conf file where you
> dictate
> > read/write priviledges based on the NT account information
> > 
> > My hardest part was configuring the pam modules to allow samba access
> > without needing to setup local linux and samba accounts...100% off the
> > domain user table
> > 
> > 
> > -----Original Message-----
> > From: Daniel E. Coletti [mailto:dcoletti at xtech.com.ar]
> > Sent: Monday, November 18, 2002 10:00 AM
> > To: samba at lists.samba.org
> > Subject: [Samba] joining an NT PDC, WinNT user privileges
> > 
> > 
> > Hi,
> > 	I've been looking for this information, but I couldn't find it
> > anywhere.
> > 	I have a samba (2.2.3) on debian (woody) and I mean to configure
> > this
> > server with winbind so it can authenticate domain users. The PDC is at a
> > NT server.
> > 	My question is is very simple ... what are the *exact* privileges I
> > need to give the user I use to join the domain? Winbind docs says use
> > 'Administrator'. Since this Win PDC tries to be as secure as possible,
> > using the PDC admin user for this samba server is something I'm not
> > allowed to do.
> > 
> > thanks,
> > 
> > daniel///
> > -- 
> > Daniel E. Coletti
> > XTech (Soluciones Linux para Empresas) - http://www.xtech.com.ar
> > Tel/Fax: ++5411 5236-9999
> > Viamonte 845 - Piso 16 - Segundo Cuerpo
> > Buenos Aires, Argentina
> > 
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> -- 
> Daniel E. Coletti
> XTech (Soluciones Linux para Empresas) - http://www.xtech.com.ar
> Tel/Fax: ++5411 5236-9999
> Viamonte 845 - Piso 16 - Segundo Cuerpo
> Buenos Aires, Argentina
-- 
Daniel E. Coletti
XTech (Soluciones Linux para Empresas) - http://www.xtech.com.ar
Tel/Fax: ++5411 5236-9999
Viamonte 845 - Piso 16 - Segundo Cuerpo
Buenos Aires, Argentina




More information about the samba mailing list