[Samba] How do you handle this right now? Joining workstations to a
robertedstrom at yahoo.com
Sat May 1 11:19:09 GMT 2004
Currently, we have a few windows NT4 domains and we are looking to
upgrade to samba. I have played with samba on my own and am very
comfortable with it. I have implemented pdc and bdc on both samba 2.x
and 3.x with an LDAP backend.
How do you currently handle adding workstations to the domain. I have
done it on my test domain with the root user and by assigning a
different password for the samba password from the actual root login. I
noticed that in 2.2.8a, I was able to join the domain as a non root user
with an LDAP backend as long as I added the user to the domain admin =
parameter. This was however, not doable on the smbpasswd backend. With
3.0, I was not able to add the user unless it was done with the root
user. For security reasons, I added "invalid users = root" to the
global section, but added "invalid users = " to the IPC$ share so that
root was able to join the workstations, but access no files or printers
on the server.
The problem with my situation is that there are multiple groups of
administrators who needed to add machines to "their" respective domains.
One group handles management of faculty workstations, another handles
student lab machines, and there are a few groups around the place. For
ease of management, we are going to use a single domain.
How would you handle this? Should I just share the smb root password
with ALL administrators, or would this cause problems?
Thanks in advance.
More information about the samba