[Samba] Re: net rpc rights command
Gerald (Jerry) Carter
jerry at samba.org
Fri Aug 26 18:01:32 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael Lueck wrote:
> Pau Garcia i Quiles wrote:
>
>> The problem was I had "invalid users = root" in my smb.conf (this
>> comes by
>> default in Debian). I just commmented that line and the problem
>> disappeared.
>
> They do that by DEFAULT now?!?!? aaaaaa, at least when I came up with
> the core of our Samba config standard a year and a quarter ago, that
> spells death for getting the M$ Add Printer Wizard driver upload to work
> properly... at least that is what I remember the affect being. Though no
> person in their right mind would log in to a Windows box as an ID "root"
> expecting it to be a domain account, thus it "should" be safe to set
> that user as invalid, it seemed to really do some evil things to Samba's
> internal security thinking.
>
> Samba folks, feel free to correct me if I am all wet about setting root
> as an invalid user. Personally I would lean towards that setting Debian
> is said to be using.
Sorry Michael. You are wrong here.
Prior to 3.0.11, just placing 'printer admin = +ntadmin' in [global]
was enough. >= 3.0.11 you just assign the SePrintOperatorPrivilege
to a group.
'root' has never been 100% necessary for print management.
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDD1j7IR7qMdg1EfYRAjQ1AJ41L6CU6OEjI1ZxNPK0Gv9319Z/cQCeKu70
1VcCQh/SMmyQG7yAJXR0VGs=
=58y/
-----END PGP SIGNATURE-----
More information about the samba
mailing list