[Samba] Re: Joining a samba domain on WinXP without a root login?

Michael Lueck mlueck at lueckdatasystems.com
Wed Jan 12 15:15:48 GMT 2005


Gerald (Jerry) Carter wrote:

> I posted an experimental patch last week that  allows domains admins
> (defined by the group mapping) to join machines to the domain.

Hi Jerry-

Um, OK I'll be the security bigot since you are spending time in this code right now.

I see a utility ID being created by the Samba admin person which is able to have 1) some read only access to the server to pull down files for setting up computers and 2) join computers to the domain. 
Thus 'domain admin' is a bit more horse power than I care to leave running around on a generic ID that goes is scripts. For example, there is no need for this account to create users in the domain, ja?

Both NT4 and AD have special ways to create a basic domain user, then add the specific permission to join workstations to the domain. Can your creativity provide that type of an implementation for Samba?

Thanks!

-- 
Michael Lueck
Lueck Data Systems

Remove the upper case letters NOSPAM to contact me directly.



More information about the samba mailing list