[Samba] Security question

Hamish captainmish at gmx.net
Mon Jun 7 15:30:36 GMT 2004

What is your PDC running?

Derek Harkness wrote:

> Thanks!
> In my environment we have a small department that manages servers and 
> the network, but we leave end user support to each department.  So I 
> need away of allowing the IT person in each department to add 
> workstations, without giving them rights to shares, users, or 
> workstations in other departments.  How are others handling this?
> Would it be sufficient to add the limited number of users to the 
> Domain Administrators group and then delete the add and delete entries 
> out of the smb.conf.  I'm assuming that domain admins would no longer 
> be able to do anything in the domain, and direct access the smb.conf 
> would be required.
> Thanks so much,
> Derek
> On Jun 7, 2004, at 10:29 AM, Hamish wrote:
>> Not sure how you would do it with samba as PDC, but you can add a GPO 
>> in > server2000 -
>> allow users to join domain - userlist (this is not the exact wording)
>> This will allow users to supply their own usernames etc for joining
>> If you are using a samba PDC i remember there are some tools for GPO 
>> type stuff...
>> Sorry a bit vague but it might help :)
>> Derek Harkness wrote:
>>> I've been googling for a while now and haven't found a decent answer 
>>> to this question.
>>> How do I allow users to join the domain without handing out a domain 
>>> admin level account?  Is there someway to limit what other domain 
>>> features this account has access to?
>>> Thanks,
>>> Derek
> "This world is a comedy to those who think and a tragedy to those who 
> feel."

More information about the samba mailing list