[samba] create account that can join machines but not admin access on domain

MaTT samba at lionix.com
Wed Nov 17 17:36:51 GMT 2004


daniel, increase the log level and check if the information provided 
give any help

MRB
http://www.lionix.com
Linux
Daniel Wilson wrote:
> MaTT wrote:
> 
>> Hi Daniel... this is from the Samba Docs... will help
>>
>>  One of my junior staff needs the ability to add machines to the 
>> Domain, but I do not want to give him root access. How can we do this?
>>    
>> Users who are members of the Domain Admins group can add machines to 
>> the Domain. This group is mapped to the UNIX group account called root 
>> (or equivalent on wheel on some UNIX systems) that has a GID of 0. 
>> This must be the primary GID of the account of the user who is a 
>> member of the Windows Domain Admins account.
>>
>> MRB
>> http://www.lionix.com
>> Linux
>>
>> Daniel Wilson wrote:
>>
>>> hi list,
>>>
>>> im using samba 3.0.8 with LDAP,
>>>
>>> To add a machine to the domain i currently use the administrator 
>>> account (which has uidNumber=0), which means this account has 
>>> automatic root on all of the shares (my shares arnt using samba, im 
>>> using NetApps Filers, which have been configured to authenticate via 
>>> samba), when we roll this project out accross the university (approx 
>>> 50,000 users) we want the technicians in each school to be able to 
>>> add machines to the domain but not get root/admin access to all the 
>>> shares.
>>>
>>> So my question is, Can you create an account that can add machines to 
>>> the domain but doesnt get root/admin priveldges on all the 
>>> shares/domain (as the would conflict with human rights issues etc...)
>>>
>>> Regards
>>>
> ive tried to set GID to 0 to an account, but i get unkwon username or 
> password error when i try to add it, if i use administrtor adding is 
> successful! ????
> 


More information about the samba mailing list