[Samba] Domain Administrators Not Recognized in Samba3

Clint Sharp clint at typhoon.org
Wed Apr 7 07:15:32 GMT 2004

On Tue, 2004-04-06 at 15:24, Travis Groth wrote:
> Uh...yes?  root doesn't have a samba account.  'travis' is in the domain
> admins group though, which is all you need to join a domain afaik.  Take
> a look at the ldap chunks and 'net groupmap list' output.  It's either
> something really stupid or I've uncovered a bug...according to all the
> documentation I've seen and examples I've followed, I haven't missed
> anything.
> --Travis

This may have been beaten to death on the list, but AFAIK you cannot
join a samba domain, even with a tdb or ldap backend w/o using the root
account.  It's the only reason I've kept a root account around (that and
modifying ACLs, which is a separate problem I haven't gotten around to
seeing if I can fix).  In fact, my root account isn't even in the domain
admins group at this point.  Without having to modify the smbpasswd file
and /etc/passwd file, I couldn't see a reason for having to be root to
join the domain anymore.  I saw a patch (it's still in my inbox) for
2.2.8 that would allow domain admins to join the domain by assuming root
privileges during the join, and I've considered attempting to adapt this
patch for Samba 3 but I haven't had the time to even look at it (if I had a
Linux environment on my laptop I could work on this tomorrow on the
plane, but alas spending is frozen and no one's gotten around to buying
me vmware yet).

Maybe someone else can shed some light as to why this restriction still
seems to exist in Samba 3 with an LDAP backend?


