[Samba] Re: Joining a samba domain on WinXP without a root login?

Gerald (Jerry) Carter jerry at samba.org
Fri Jan 14 20:22:18 GMT 2005



Adam Tauno Williams wrote:
|> Both NT4 and AD have special ways to create a basic
|> domain user, then add the specific permission to join
|> workstations to the domain. Can your creativity
|> provide that type of an implementation for Samba?
|
| Isn't this "privileges"?  You can muck about with them a
| bit with rpcclient but they don't seem to do anything.

Yeah.  The Domain Admins hack was a quick fix in an
afternoon of work.  Simo convinced me to spend the time
and effort to implement the privileges feature he
wrote for trunk.

I checked in a backport/rewrite on the privileges code from
trunk into the 3.0 svn code base yesterday.  So at this point
you should be able to assign the SeMachineAccountPrivilege to
any SID you like and use that SID to join the domain.

I've still got some security auditing to do to make sure I
haven't done anything stupid, but this code will be in
3.0.11pre2 due out next week.  I'll send a short howto as soon
as I finish the lingering details.





cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back."     Ethan Hawk in Gattaca

