[Samba] Win2k joining a Samba domain

Jim C. jcllings at javahop.com
Wed Mar 10 15:53:37 GMT 2004



|> Joining a domain involves adding a user account to your UNIX system.
|> Normally only root can add/delete accounts. How secure do you think your
|> UNIX system will be if anyone can add/delete accounts? How secure a world
|> do we want?

The trust accounts add just fine on my system through the use of the adm
group as mentioned earlier.  I can't find an explanation of what it is
that User Manager for Domains does exactly.  If it simply edits an LDAP
database then my problems regarding it are strictly with LDAP and the
first place I should look is probably /etc/ldap/slapd.access.conf.
mmmm... OH! Duh, I didn't watch the ldap logs when I was trying to run
that.  I'll give this a try.  Should be insightful.   I found that
"tail -f /var/log/ldap/ldap.log | grep filter" works OK for finding out
what samba is looking for.

|> In short, the account that you use to create a domain member trust account
|> for machines must have full administrative privilege on the UNIX system.

OK, so that means that uid=root should be uidNumber=0 *AND* I should
probably put ldap first in nss_switch.conf so that this is the one that
gets found by the system.  Does this account need to be a
sambaSamAccount or can it possibly be POSIX only?  I would wish to
minimize the number of admin accounts, of course.

BTW, if I can figure this out I will be very happy to draw a diagram
that shows a viable LDAP structure for inclusion in the docs. I am one
of those unfortunates who learns visually.  As many others have
discovered, it is really difficult to teach some of us using a text
based medium. :-/

Thank you for your patience in the meantime.

Jim C.

--

-----------------------------------------------------------------
| I can be reached on the following messenger services:		|
|---------------------------------------------------------------|
| MSN: j_c_llings at hotmail.com  AIM: WyteLi0n  ICQ: 123291844 	|
|---------------------------------------------------------------|
| Y!: j_c_llings               Jabber: jcllings at njs.netlab.cz	|
-----------------------------------------------------------------
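The log-watching approach from the message above, taken one step further, as an added example that is not part of the original post: it pairs each search in the slapd log with its result line so that lookups returning no entries stand out. The sample lines are constructed and assume slapd's stats-level log layout; the host name, base DN and account names are made up, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Constructed sample in slapd stats-log layout (host, base DN, accounts are made up).
sample_log() {
cat <<'EOF'
Mar 10 15:40:01 pdc slapd[812]: conn=14 op=1 SRCH base="dc=example,dc=org" scope=2 deref=0 filter="(&(uid=root)(objectClass=sambaSamAccount))"
Mar 10 15:40:01 pdc slapd[812]: conn=14 op=1 SRCH attr=uid sambaSID
Mar 10 15:40:01 pdc slapd[812]: conn=14 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 10 15:40:02 pdc slapd[812]: conn=15 op=1 SRCH base="dc=example,dc=org" scope=2 deref=0 filter="(&(uid=w2kbox$)(objectClass=sambaSamAccount))"
Mar 10 15:40:02 pdc slapd[812]: conn=15 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Mar 10 15:40:05 pdc slapd[812]: conn=16 op=2 SRCH base="dc=example,dc=org" scope=2 deref=0 filter="(&(uid=w2kbox$)(objectClass=sambaSamAccount))"
Mar 10 15:40:05 pdc slapd[812]: conn=16 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
EOF
}

# Print "<nentries><TAB><filter>" for every search that has a result line.
# Reads the files given as arguments, or stdin (e.g. piped from tail -f).
search_results() {
    awk '
    # The "conn=N op=M" pair ties a SRCH line to its SEARCH RESULT line.
    function conn_op(s) {
        if (match(s, /conn=[0-9]+ op=[0-9]+/)) return substr(s, RSTART, RLENGTH)
        return ""
    }
    / SRCH base=/ {
        f = $0
        sub(/.* filter="/, "", f)   # drop everything up to the filter value
        sub(/"$/, "", f)            # drop the closing quote
        pending[conn_op($0)] = f
    }
    / SEARCH RESULT / {
        key = conn_op($0)
        if (key in pending) {
            n = $0
            sub(/.* nentries=/, "", n)
            sub(/ .*/, "", n)
            printf "%s\t%s\n", n, pending[key]
            delete pending[key]
        }
    }' "$@"
}

# Filters that matched nothing, most frequent first: the entries the
# client asked the directory for and did not find.
empty_searches() {
    search_results "$@" | awk -F '\t' '$1 == 0 { print $2 }' | sort | uniq -c | sort -rn
}

sample_log | empty_searches
```

Against a live log, `empty_searches /var/log/ldap/ldap.log` gives the same summary for the path mentioned in the message.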



