[Samba] Add Hosts as Domain Admin
Paul Gienger
pgienger at ae-solutions.com
Mon May 10 12:58:29 GMT 2004
As an alternative, if you set up a UNIX user 'Administrator' group and
have them properly configured for your domain you can give THAT out with
a different password. Give them a UID of 0 and an invalid shell and you
should be good. Of course there are a fair amount of holes that the
user could jump through with that, but at least you're not entirely
giving out 'root' on the server.
If you are using LDAP and the idealx scripts this is set up for you with
the populate script. Otherwise, make sure the SID of the user is <your
domain SID>-512 for them to be a proper administrator as far as windows
is concerned.
Tilo Lutz wrote:
>Hi
>
>I found a patch for Samba 3.0.2 allowing to add hosts as
>member of the domain admin group.
>(http://marc.theaimsgroup.com/?l=samba&m=107938779530259&w=2)
>
>Has anybody seen a patch for Samba 3.0.3? It took a look at
>srv_samr_nt.c but I don't think the old patch will fit.
>
>Why doesn't samba allow domain admins to add hosts to a
>domain?
>I don't want to give the root password to everyone who should
>be able to add hosts.
>Why I have to be root when adding hosts? Even beeing member of
>group root should be enough.
>
>Tilo
>
>
>
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Cell: 701-306-6254
Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto:pgienger at ae-solutions.com
More information about the samba
mailing list