[samba] create account that can join machines but not admin access
on domain
MaTT
samba at lionix.com
Wed Nov 17 17:36:51 GMT 2004
daniel, increase the log level and check if the information provided
give any help
MRB
http://www.lionix.com
Linux
Daniel Wilson wrote:
> MaTT wrote:
>
>> Hi Daniel... this is from the Samba Docs... will help
>>
>> One of my junior staff needs the ability to add machines to the
>> Domain, but I do not want to give him root access. How can we do this?
>>
>> Users who are members of the Domain Admins group can add machines to
>> the Domain. This group is mapped to the UNIX group account called root
>> (or equivalent on wheel on some UNIX systems) that has a GID of 0.
>> This must be the primary GID of the account of the user who is a
>> member of the Windows Domain Admins account.
>>
>> MRB
>> http://www.lionix.com
>> Linux
>>
>> Daniel Wilson wrote:
>>
>>> hi list,
>>>
>>> im using samba 3.0.8 with LDAP,
>>>
>>> To add a machine to the domain i currently use the administrator
>>> account (which has uidNumber=0), which means this account has
>>> automatic root on all of the shares (my shares arnt using samba, im
>>> using NetApps Filers, which have been configured to authenticate via
>>> samba), when we roll this project out accross the university (approx
>>> 50,000 users) we want the technicians in each school to be able to
>>> add machines to the domain but not get root/admin access to all the
>>> shares.
>>>
>>> So my question is, Can you create an account that can add machines to
>>> the domain but doesnt get root/admin priveldges on all the
>>> shares/domain (as the would conflict with human rights issues etc...)
>>>
>>> Regards
>>>
> ive tried to set GID to 0 to an account, but i get unkwon username or
> password error when i try to add it, if i use administrtor adding is
> successful! ????
>
More information about the samba
mailing list