[Samba] Join Machine to Domain

manuel.piessnegger at straumann.com
Wed Nov 12 18:24:01 GMT 2003

Hi again,

In another manual (http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html)
they write that there must exist a user with uid=0, which means in the end
JUST ROOT OR UID=0 can join a w2k client into a domain.

In the [SAMBA_3_0] and [HEAD] only a few basic entries are required: nobody
and administrator BUT an account with uidNumber=0 (root or administrator)
MUST be present if you need to add XP/W2K ws. The reason: an administrative
account is demanded on the ws side in the join process, and that account
must have a uidNumber=0 in the unix world.

Is there really no other way than to work with a user with uid=0 in the unix
world?  I'm sorry but I'm making no more progress, hmm...... dead brain

By the way, all Unix and Samba accounts are present in the LDAP

Manuel Piessnegger

The problem might be that by default only root has write access to
smbpasswd and /etc/passwd and /etc/shadow.
I have not verified this, though.

manuel.piessnegger at straumann.com wrote:

>Is it really possible that just the user root with the samba password can
>join workstations into the domain?
>I also have some other users who are domain administrators, but with these
>users I can't join any workstations into the domain.
>This is for me an important security point, because I want to give some
>people the access right to join workstations into the domain and only this
>function. Also, if the user root is just a domain user in samba you have no
>rights to change something on a client, but when I start e.g. the user
>manager it's possible to change users' passwords and that isn't nice.
>I use the following test environment:
>OS: Linux
>Samba 3 with backend ldapsam
>OpenLdap 2.1
>Manuel Piessnegger
