[Samba] Help: How to save a domain policy on Samba 3.0.0

Gémes Géza geza at kzsdabas.sulinet.hu
Sat Oct 4 09:31:22 GMT 2003

Hash: SHA1

Larry Liu írta:
| I use 'User Manger for Domain' on a NT4 member server to access the
| SAMof the Samba 3.0.0 PDC. It retrieves all the user and group accounts
| perfectly. Then I click 'Policies' ----> 'User Right', allow the group
| 'Account Operator' to 'add workstations to domain', it allows me to
| click through 'OK', but it doesn't save the policy.
| I can use 'User Manger for Domain' to disable/enable user
| accounts,change their passwords. However don't undstand why the domain
| policy won't get saved.
| Anyone knows the workaround?  Maybe something to be done on Unix command
| line to apply domain policies?
| Thanks.
As I know, because of the security of UNIX systems only users with
uid=0, typicaly called root are allowed to manipulate user accounts.
Because machine accounts also require a passwd (or LDAP corespondent)
entry, SAMBA follows this policy, so you would be unable to delegate
that right to anybody else.
But there was a discussion on this list about relaxing that at least in
case of LDAP based accounts. I also know about a patch (at least for
SAMBA 2.2.x) witch relaxes this at the expense of a big security hole.
Sorry for not having an absolutely positive answer for you :-(

Good Luck!

Geza Gemes
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list