[Samba] Security question

Derek Harkness dharknes at umd.umich.edu
Mon Jun 7 15:09:00 GMT 2004


In my environment we have a small department that manages servers and 
the network, but we leave end user support to each department.  So I 
need away of allowing the IT person in each department to add 
workstations, without giving them rights to shares, users, or 
workstations in other departments.  How are others handling this?

Would it be sufficient to add the limited number of users to the Domain 
Administrators group and then delete the add and delete entries out of 
the smb.conf.  I'm assuming that domain admins would no longer be able 
to do anything in the domain, and direct access the smb.conf would be 

Thanks so much,

On Jun 7, 2004, at 10:29 AM, Hamish wrote:

> Not sure how you would do it with samba as PDC, but you can add a GPO 
> in > server2000 -
> allow users to join domain - userlist (this is not the exact wording)
> This will allow users to supply their own usernames etc for joining
> If you are using a samba PDC i remember there are some tools for GPO 
> type stuff...
> Sorry a bit vague but it might help :)
> Derek Harkness wrote:
>> I've been googling for a while now and haven't found a decent answer 
>> to this question.
>> How do I allow users to join the domain without handing out a domain 
>> admin level account?  Is there someway to limit what other domain 
>> features this account has access to?
>> Thanks,
>> Derek
"This world is a comedy to those who think and a tragedy to those who 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040607/9fe6c011/PGP.bin

More information about the samba mailing list