[Samba] Security question
dharknes at umd.umich.edu
Mon Jun 7 15:09:00 GMT 2004
In my environment we have a small department that manages servers and
the network, but we leave end user support to each department. So I
need away of allowing the IT person in each department to add
workstations, without giving them rights to shares, users, or
workstations in other departments. How are others handling this?
Would it be sufficient to add the limited number of users to the Domain
Administrators group and then delete the add and delete entries out of
the smb.conf. I'm assuming that domain admins would no longer be able
to do anything in the domain, and direct access the smb.conf would be
Thanks so much,
On Jun 7, 2004, at 10:29 AM, Hamish wrote:
> Not sure how you would do it with samba as PDC, but you can add a GPO
> in > server2000 -
> allow users to join domain - userlist (this is not the exact wording)
> This will allow users to supply their own usernames etc for joining
> If you are using a samba PDC i remember there are some tools for GPO
> type stuff...
> Sorry a bit vague but it might help :)
> Derek Harkness wrote:
>> I've been googling for a while now and haven't found a decent answer
>> to this question.
>> How do I allow users to join the domain without handing out a domain
>> admin level account? Is there someway to limit what other domain
>> features this account has access to?
"This world is a comedy to those who think and a tragedy to those who
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040607/9fe6c011/PGP.bin
More information about the samba