[Samba] machine account with w2k

Brian Krusic brian at krusic.com
Thu Sep 9 15:36:24 GMT 2004

> The Domain Admin user "domadmin" must have the root-policies on the
> /etc/passwd like this:
> domadmin:x:0:0:

This is incorrect as you should never have users with identical uids.

You should mod the entry in etc/group to add your domadmin user to the root
group.  This gives it root privs.

> In my opinion it is not fine, because it is a security-hole,
Only someone of root or admin privs should be able to initially join domains
for if any one could, then a potential hacker to do so w/o admin/root privs
and attain further domain trust by doing so.


More information about the samba mailing list