[Samba] How do you create an account that can ONLY add workstations to the domain
Paul Gienger
pgienger at ae-solutions.com
Wed Jul 21 17:09:29 GMT 2004
Michael Lueck wrote:
> Is there some way to configure a special account which is able to only
> join workstations to the domain? I believe the operation talks over
> IPC$ - such as the NETDOM.EXE command. Can one set admin users for
> IPC$ and thus join the domain without allowing that special account
> too much access to Samba.

The criterion that defines whether or not you can join machines is
usually whether or not you can add system users in UNIX. Traditionally
this has meant that you need root (or uid=0) access. With LDAP (as I
think you are using, no?) I believe this requirement may have been
blurred since you can define an ACL for adding things in the LDAP store.

You could maybe define a smb.conf include based on the user and/or group
(there have been examples of this) and then only have the create script
defined in that .conf file.

This is just a thought off the top of my head, not that I've tried it or
anything. I may have to look at this myself though since sometimes our
remote admin-less office needs to add a new machine.

--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc.
Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto: pgienger at ae-solutions.com