[Samba] Adding workstations to domain as non-root

simo idra at samba.org
Mon Jan 16 12:41:14 GMT 2006

On Mon, 2006-01-16 at 09:41 +0000, James Cort wrote:
> Hi,
> The Problem:
> I have a samba domain using LDAP as the backend, complete with the 
> IdealX LDAP scripts.
> Most of my Unix boxes (certainly anything which does any Samba stuff) 
> authenticates against the same LDAP backend, using it for groups and 
> users.
> I need to grant some people sufficient priviliges to add workstations 
> to the domain, but I don't want to give them the root password in LDAP 
> as doing so will also give them root access to the Unix boxes.

Set "enable privileges = yes" in smb.conf
Create a specific group for the users that you want to be able to add
the group.
Map the group with net groupmap

When done, use net rights grant to grant this group the
SeMacchineAccount privilege.

No need to chown the scripts, samba will take care of everything.


Simo Sorce
Samba Team
email: idra at samba.org

More information about the samba mailing list