[Samba] Non-root accounts cannot join the Samba PDC:s domain
BJörn Lindqvist
bjourne at gmail.com
Sun Aug 27 02:36:13 GMT 2006
> > to turn permissions on in samba.conf, then
> > the net rpc rights grant syntax seem to be
> > "unstable." This doesn't work:
> >
> > net rpc rights grant username SeMachineAccountPrivilege
>
> You have to fully qualify names. That's not an unstable
> syntax....
It is inconsistent with other "net" commands. I.e:
net rpc user info someuser
where the name does not have to be fully qualified
> > Instead of username you are supposed to use
> > some DOMAIN/username syntax I haven't figured out.
> > Howerver, I was able to allow everyone
> > to join the domain with:
> >
> > net rpc rights grant Everybody SeMachineAccountPrivilege
>
> This is a security hole. I really would recommend
> against this. It's about the same as 'guest account = root'.
Why? If it is, then how else do enable computers to join your domain?
--
mvh Björn
More information about the samba
mailing list