[Samba] Add Hosts as Domain Admin
Tilo Lutz
TiloLutz at gmx.de
Mon May 10 18:44:47 GMT 2004
> As an alternative, if you set up a UNIX user 'Administrator' group and
> have them properly configured for your domain you can give THAT out with
> a different password. Give them a UID of 0 and an invalid shell and you
> should be good. Of course there are a fair amount of holes that the
> user could jump through with that, but at least you're not entirely
> giving out 'root' on the server.
>
> If you are using LDAP and the idealx scripts this is set up for you with
> the populate script. Otherwise, make sure the SID of the user is <your
> domain SID>-512 for them to be a proper administrator as far as windows
> is concerned.
>
> Tilo Lutz wrote:
>
> >Hi
> >
> >I found a patch for Samba 3.0.2 allowing to add hosts as
> >member of the domain admin group.
> >(http://marc.theaimsgroup.com/?l=samba&m=107938779530259&w=2)
> >
> >Has anybody seen a patch for Samba 3.0.3? It took a look at
> >srv_samr_nt.c but I don't think the old patch will fit.
> >
> >Why doesn't samba allow domain admins to add hosts to a
> >domain?
> >I don't want to give the root password to everyone who should
> >be able to add hosts.
> >Why I have to be root when adding hosts? Even beeing member of
> >group root should be enough.
> >
> >Tilo
> >
> >
> >
>
> --
> Paul Gienger Office: 701-281-1884
> Applied Engineering Inc. Cell: 701-306-6254
> Information Systems Consultant Fax: 701-281-1322
> URL: www.ae-solutions.com mailto:pgienger at ae-solutions.com
>
>
More information about the samba
mailing list