[samba] create account that can join machines but not admin access on domain

Daniel Wilson daniel.wilson at sunderland.ac.uk
Wed Nov 17 11:06:57 GMT 2004


hi list,

im using samba 3.0.8 with LDAP,

To add a machine to the domain i currently use the administrator account 
(which has uidNumber=0), which means this account has automatic root on 
all of the shares (my shares arnt using samba, im using NetApps Filers, 
which have been configured to authenticate via samba), when we roll this 
project out accross the university (approx 50,000 users) we want the 
technicians in each school to be able to add machines to the domain but 
not get root/admin access to all the shares.

So my question is, Can you create an account that can add machines to 
the domain but doesnt get root/admin priveldges on all the shares/domain 
(as the would conflict with human rights issues etc...)

Regards

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Daniel Wilson
Systems Administrator

IT & Communications Service
University of Sunderland
Unit1 Technology Park
Chester Road
Sunderland
SR2 7PT

Tel: 0191 515 2695

This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. 
It is the responsibility of the recipient to ensure that this message and its attachments are virus free. 
Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically
stated.





More information about the samba mailing list