[samba] create account that can join machines but not admin access on domain

MaTT samba at lionix.com
Wed Nov 17 15:32:45 GMT 2004

Hi Daniel... this is from the Samba Docs... will help

  One of my junior staff needs the ability to add machines to the 
Domain, but I do not want to give him root access. How can we do this?

Users who are members of the Domain Admins group can add machines to the 
Domain. This group is mapped to the UNIX group account called root (or 
equivalent on wheel on some UNIX systems) that has a GID of 0. This must 
be the primary GID of the account of the user who is a member of the 
Windows Domain Admins account.


Daniel Wilson wrote:
> Hi list,
> I'm using samba 3.0.8 with LDAP,
> To add a machine to the domain I currently use the administrator account 
> (which has uidNumber=0), which means this account has automatic root on 
> all of the shares (my shares aren't using samba, I'm using NetApps Filers, 
> which have been configured to authenticate via samba), when we roll this 
> project out across the university (approx 50,000 users) we want the 
> technicians in each school to be able to add machines to the domain but 
> not get root/admin access to all the shares.
> So my question is, Can you create an account that can add machines to 
> the domain but doesn't get root/admin privileges on all the shares/domain 
> (as that would conflict with human rights issues etc...)
> Regards
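
An added example, not part of the original post or the Samba documentation: a small audit over an LDIF export that lists accounts whose uidNumber or primary gidNumber is 0, the two values this thread ties to root access on the shares. The LDIF, DNs and user names are constructed, and the parser assumes plain, unfolded `attr: value` lines.

```python
# Added example: flag posixAccount entries in an LDIF export that are root-equivalent.
# SAMPLE_LDIF is constructed data; the DNs and user names are hypothetical.
SAMPLE_LDIF = """\
dn: uid=administrator,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: administrator
uidNumber: 0
gidNumber: 0

dn: uid=tech1,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: tech1
uidNumber: 1001
gidNumber: 0

dn: uid=student1,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: student1
uidNumber: 2001
gidNumber: 513
"""

def parse_ldif(text):
    """Split LDIF into entries; each maps a lowercased attribute to its list of values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # skip comments and malformed lines
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def root_equivalent(entries):
    """Return (uid, attrs) for posixAccount entries whose uidNumber or gidNumber is 0."""
    findings = []
    for e in entries:
        if "posixaccount" not in [c.lower() for c in e.get("objectclass", [])]:
            continue
        reasons = [a for a in ("uidnumber", "gidnumber") if e.get(a, [""])[0] == "0"]
        if reasons:
            findings.append((e["uid"][0], reasons))
    return findings

if __name__ == "__main__":
    for uid, reasons in root_equivalent(parse_ldif(SAMPLE_LDIF)):
        print(f"{uid}: {', '.join(reasons)} = 0")
```
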
