[Samba] nscd, ldap and the root/Administrator account
pgienger at ae-solutions.com
Thu May 5 12:53:47 GMT 2005
>I don't recall what Samba version you're using, but if I recall
>correctly, the only thing the root user was ever needed for, was joining
>machines to a domain. Presumably because he had to write to restricted
>files. From Samba 3.0.11 the privilege SeMachineAccountPrivilege can be
>assigned to a mortal to do this, so root isn't necessary at all from
>that version upward.
The account used to join machines had to be able to run the equivilent
of 'useradd somemachine$'. Since the smbd process runs as the
connecting user, you needed root or a root-like user. Then they allowed
the smbd process to fork a root process with the priviledge seperation
commands and voilla.
Paul Gienger Office: 701-281-1884
Applied Engineering Inc.
Systems Architect Fax: 701-281-1322
URL: www.ae-solutions.com mailto: pgienger at ae-solutions.com
More information about the samba