[Samba] How do you handle this right now? Joining workstations to a samba domain.

Robert robertedstrom at yahoo.com
Sat May 1 11:19:09 GMT 2004

Currently, we have a few Windows NT4 domains and we are looking to 
upgrade to Samba.  I have played with Samba on my own and am very 
comfortable with it.  I have implemented PDC and BDC on both Samba 2.x 
and 3.x with an LDAP backend.

How do you currently handle adding workstations to the domain?  I have 
done it on my test domain with the root user and by assigning a 
different password for the Samba password from the actual root login.  I 
noticed that in 2.2.8a, I was able to join the domain as a non-root user 
with an LDAP backend as long as I added the user to the domain admin = 
parameter.  This was, however, not doable on the smbpasswd backend.  With 
3.0, I was not able to add the user unless it was done with the root 
user.  For security reasons, I added "invalid users = root" to the 
global section, but added "invalid users = " to the IPC$ share so that 
root was able to join the workstations, but access no files or printers 
on the server.

The problem with my situation is that there are multiple groups of 
administrators who needed to add machines to "their" respective domains.  
One group handles management of faculty workstations, another handles 
student lab machines, and there are a few groups around the place.  For 
ease of management, we are going to use a single domain.

How would you handle this?  Should I just share the smb root password 
with ALL administrators, or would this cause problems?

Thanks in advance.
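
An added example, not part of the original post or of Samba: a Python check of the setup described above ("invalid users = root" in [global], cleared on IPC$). It lists the shares where root is still admitted, including the case where a share-level "invalid users" replaces the global default instead of adding to it. The sample smb.conf, its share names and the function names are constructed for illustration; only literal user names are matched (no @group entries, includes or line continuations).

```python
import re

# Constructed sample smb.conf reflecting the setup described in the post;
# the workgroup and the share names other than IPC$ are made up.
SAMPLE_SMB_CONF = """
[global]
    workgroup = EXAMPLE
    invalid users = root

[IPC$]
    invalid users =

[homes]
    read only = no

[labshare]
    path = /srv/lab
    invalid users = guest
"""

def _norm(name):
    # smb.conf parameter names ignore case and embedded whitespace
    return re.sub(r"\s+", "", name).lower()

def parse_sections(text):
    """Parse smb.conf text into {section: {normalized_param: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[_norm(key)] = value.strip()
    return sections

def shares_where_user_allowed(text, user="root"):
    """Return share names whose effective 'invalid users' list omits user."""
    sections = parse_sections(text)
    default = sections.get("global", {}).get("invalidusers", "")
    allowed = []
    for name, params in sections.items():
        if name == "global":
            continue
        # A share-level value replaces the [global] default; it is not merged.
        effective = params.get("invalidusers", default)
        names = [n.lower() for n in re.split(r"[,\s]+", effective) if n]
        if user.lower() not in names:
            allowed.append(name)
    return sorted(allowed)
```

On the sample, labshare is reported alongside IPC$ because its own "invalid users = guest" line drops root from the effective list.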
