[Samba] nscd, ldap and the root/Administrator account

Paul Gienger pgienger at ae-solutions.com
Thu May 5 12:53:47 GMT 2005

>I don't recall what Samba version you're using, but if I recall
>correctly, the only thing the root user was ever needed for, was joining
>machines to a domain. Presumably because he had to write to restricted
>files. From Samba 3.0.11 the privilege SeMachineAccountPrivilege can be
>assigned to a mortal to do this, so root isn't necessary at all from
>that version upward.
The account used to join machines had to be able to run the equivilent 
of 'useradd somemachine$'.  Since the smbd process runs as the 
connecting user, you needed root or a root-like user.  Then they allowed 
the smbd process to fork a root process with the priviledge seperation 
commands and voilla.

Paul Gienger                    Office: 701-281-1884
Applied Engineering Inc.
Systems Architect               Fax:    701-281-1322
URL: www.ae-solutions.com       mailto: pgienger at ae-solutions.com

More information about the samba mailing list