[Samba] Re: Win2k joining a Samba domain

M. Vancl mvancl at setuza.cz
Wed Mar 10 15:23:12 GMT 2004


Andrew Bartlett wrote:

>That's the cop-out excuse.  The technical reason is a couple of
>privilege checks that need more work, so that the very specific action
>of 'add new machine to the domain' can be correctly and securely
>delegated.
>
>Indeed, it is not a very secure system that requires that the root
>password be so widely distributed... :-)

A agree. It's also my opinion. Samba was always part of operating system
with right to use root privilege when necessary (force XXX etc.).
So why damn it is not able to give root privilege to member of  "Domain
Admins" group for instance, when it is necessary for maintaining UNIX
accounts.
Btw. when I'm using ldap backend, it is not necessary to be root to add any
entry to database including password entries !

M. Vancl





More information about the samba mailing list