[samba] create account that can join machines but not admin access
on domain
Daniel Wilson
daniel.wilson at sunderland.ac.uk
Wed Nov 17 16:55:10 GMT 2004
MaTT wrote:
> Hi Daniel... this is from the Samba Docs... will help
>
> One of my junior staff needs the ability to add machines to the
> Domain, but I do not want to give him root access. How can we do this?
>
>
> Users who are members of the Domain Admins group can add machines to
> the Domain. This group is mapped to the UNIX group account called root
> (or equivalent on wheel on some UNIX systems) that has a GID of 0.
> This must be the primary GID of the account of the user who is a
> member of the Windows Domain Admins account.
>
> MRB
> http://www.lionix.com
> Linux
>
> Daniel Wilson wrote:
>
>> hi list,
>>
>> im using samba 3.0.8 with LDAP,
>>
>> To add a machine to the domain i currently use the administrator
>> account (which has uidNumber=0), which means this account has
>> automatic root on all of the shares (my shares arnt using samba, im
>> using NetApps Filers, which have been configured to authenticate via
>> samba), when we roll this project out accross the university (approx
>> 50,000 users) we want the technicians in each school to be able to
>> add machines to the domain but not get root/admin access to all the
>> shares.
>>
>> So my question is, Can you create an account that can add machines to
>> the domain but doesnt get root/admin priveldges on all the
>> shares/domain (as the would conflict with human rights issues etc...)
>>
>> Regards
>>
ive tried to set GID to 0 to an account, but i get unkwon username or
password error when i try to add it, if i use administrtor adding is
successful! ????
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Daniel Wilson
Systems Administrator
IT & Communications Service
University of Sunderland
Unit1 Technology Park
Chester Road
Sunderland
SR2 7PT
Tel: 0191 515 2695
This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient.
It is the responsibility of the recipient to ensure that this message and its attachments are virus free.
Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically
stated.
More information about the samba
mailing list