[Samba] Samba as domain controller

Bruno Guerreiro bruno.guerreiro at ine.pt
Wed Jan 11 10:12:45 GMT 2006


Hi, 

> -----Original Message-----
> From: Andreas Fladischer [mailto:andreas.fladischer at ecofinance.com] 
> Sent: quarta-feira, 11 de Janeiro de 2006 9:42
> To: Bruno Guerreiro
> Subject: Re: [Samba] Samba as domain controller
> 
> Thanks for your fast answer!
> 
> do you mean that i have to do
> 
> net rpc rights grant username SeMachineAccountPrivilege
> 
> for all users? I have 30 users and all are administrators - so 
> I have to do this command 30 times?

Do you really want your 30 users to be domain administrators? Or just add
the machines?
If it is the first situation, it's easier to add them to a group "Domain
Admins" or something and then give that group admin rights in your smb.conf.
If the second, not really sure if you can give rights to a group. Anyone?
If it's not possible to give permissions to a group, then the solution would
be to grant rights one by one.

Best regards,
Bruno Guerreiro
 
> greetz
> 
> Andreas
> 
> 
> Bruno Guerreiro wrote:
> 
> >Hi,
> >
> >  
> >
> >>-----Original Message-----
> >>From: Andreas Fladischer [mailto:andreas.fladischer at ecofinance.com]
> >>Sent: quarta-feira, 11 de Janeiro de 2006 9:26
> >>To: samba at lists.samba.org
> >>Subject: [Samba] Samba as domain controller
> >>
> >>hi at all!
> >>
> >>i set up a system where samba is a primary and a secondary domain
> >>controller; the authentication is over ldap and everything works fine
> >>but....
> >>
> >>i would like to test what happens when the pdc is down and so i
> >>shutdown the smb service on the pdc. the logins from all clients
> >>worked well on the bdc but when i try to join a new machine to the
> >>domain, it can't contact the domain controller (ok because the pdc is
> >>down). my question is, whether it is possible to configure the bdc
> >>so, that i can join to the domain when the pdc is down?
> >>    
> >>
> >
> >That's the normal behaviour on an NT Domain. When the PDC is down, no users
> >can be modified or machines added. The Domain enters a read-only state.
> >The only way would be to "promote" the BDC to PDC.
> > 
> >  
> >
> >>my second question is whether it is possible, that all 
> >>administrative users can join a new machine to the domain and 
> >>not only the root user?
> >>    
> >>
> >
> >Yes, if using privileges you must set the SeMachineAccountPrivilege.
> >Something like 
> >net rpc rights grant username SeMachineAccountPrivilege
> >
> >
> >Hope this helps,
> >Bruno Guerreiro
> >
> >  
> >
> >>with best regards
> >>
> >>Andreas
> 
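
Added example, not part of the thread: one way to script the per-user `net rpc rights grant` call discussed above instead of typing it 30 times, granting only SeMachineAccountPrivilege rather than administrator rights. The function names, the `ADMIN` account, the name-validation policy and the sample user names are assumptions made for this sketch.

```sh
#!/bin/sh
RIGHT="SeMachineAccountPrivilege"  # the right named in the thread
ADMIN="${ADMIN:-root}"             # assumption: account allowed to grant rights

# Accept only plain account names so a stray line cannot smuggle in net options.
valid_account() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# grant_all MODE FILE: MODE "plan" prints the commands, "apply" runs them.
# FILE holds one account per line; blank lines and "#" comments are ignored.
grant_all() {
    mode=$1; file=$2; rc=0
    while IFS= read -r line <&3 || [ -n "$line" ]; do
        name=$(printf '%s\n' "$line" |
            sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        if [ -z "$name" ]; then continue; fi
        if ! valid_account "$name"; then
            echo "skipped invalid account name: $name" >&2
            rc=1; continue
        fi
        if [ "$mode" = apply ]; then
            # The list is read on fd 3, so net can still prompt on the terminal.
            net rpc rights grant "$name" "$RIGHT" -U "$ADMIN" || rc=1
        else
            echo "net rpc rights grant $name $RIGHT -U $ADMIN"
        fi
    done 3<"$file"
    return "$rc"
}

# Constructed sample list (hypothetical user names); "dave smith" is invalid.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# staff who join machines' 'alice' 'bob  # desk 2' \
        '' 'dave smith' 'carol.smith' >"$tmp"
    grant_all plan "$tmp" || true   # non-zero only flags the skipped line
    rm -f "$tmp"
}

# No arguments: print the plan for the sample list. Otherwise: MODE FILE.
if [ $# -eq 2 ]; then grant_all "$1" "$2"; else demo; fi
```

Review the `plan` output before running with `apply`; `net rpc rights list accounts` shows which accounts hold which rights afterwards.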

