[Samba] nscd, ldap and the root/Administrator account

Tony Earnshaw tonye at billy.demon.nl
Thu May 5 13:22:58 GMT 2005

tor, 05.05.2005 kl. 14.53 skrev Paul Gienger:

> >I don't recall what Samba version you're using, but if I recall
> >correctly, the only thing the root user was ever needed for, was joining
> >machines to a domain. Presumably because he had to write to restricted
> >files. From Samba 3.0.11 the privilege SeMachineAccountPrivilege can be
> >assigned to a mortal to do this, so root isn't necessary at all from
> >that version upward.
> >
> The account used to join machines had to be able to run the equivilent 
> of 'useradd somemachine$'.  Since the smbd process runs as the 
> connecting user, you needed root or a root-like user.  Then they allowed 
> the smbd process to fork a root process with the priviledge seperation 
> commands and voilla.

That would be it, thanks :)


Nothing sucksseeds like a pigeon without a beak ...

mail: tonye at billy.demon.nl
They'll love us, won't they? They feed us, don't they? ...

More information about the samba mailing list