[Samba] Re: net rpc rights command

Gerald (Jerry) Carter jerry at samba.org
Fri Aug 26 18:01:32 GMT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Lueck wrote:
> Pau Garcia i Quiles wrote:
> 
>> The problem was I had "invalid users = root" in my smb.conf (this
>> comes by
>> default in Debian). I just commmented that line and the problem
>> disappeared.
> 
> They do that by DEFAULT now?!?!? aaaaaa, at least when I came up with
> the core of our Samba config standard a year and a quarter ago, that
> spells death for getting the M$ Add Printer Wizard driver upload to work
> properly... at least that is what I remember the affect being. Though no
> person in their right mind would log in to a Windows box as an ID "root"
> expecting it to be a domain account, thus it "should" be safe to set
> that user as invalid, it seemed to really do some evil things to Samba's
> internal security thinking.
> 
> Samba folks, feel free to correct me if I am all wet about setting root
> as an invalid user. Personally I would lean towards that setting Debian
> is said to be using.

Sorry Michael.  You are wrong here.

Prior to 3.0.11, just placing 'printer admin = +ntadmin' in [global]
was enough.  >= 3.0.11 you just assign the SePrintOperatorPrivilege
to a group.

'root' has never been 100% necessary for print management.




cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDD1j7IR7qMdg1EfYRAjQ1AJ41L6CU6OEjI1ZxNPK0Gv9319Z/cQCeKu70
1VcCQh/SMmyQG7yAJXR0VGs=
=58y/
-----END PGP SIGNATURE-----


More information about the samba mailing list