[Samba] Adding workstations to domain as non-root [SOLVED]
james.cort at u4eatech.com
Mon Jan 16 13:24:33 GMT 2006
Quoting simo <idra at samba.org>:
> On Mon, 2006-01-16 at 09:41 +0000, James Cort wrote:
>> The Problem:
>> I have a samba domain using LDAP as the backend, complete with the
>> IdealX LDAP scripts.
>> Most of my Unix boxes (certainly anything which does any Samba stuff)
>> authenticates against the same LDAP backend, using it for groups and
>> I need to grant some people sufficient priviliges to add workstations
>> to the domain, but I don't want to give them the root password in LDAP
>> as doing so will also give them root access to the Unix boxes.
> Set "enable privileges = yes" in smb.conf
> Create a specific group for the users that you want to be able to add
> the group.
> Map the group with net groupmap
> When done, use net rights grant to grant this group the
> SeMacchineAccount privilege.
> No need to chown the scripts, samba will take care of everything.
Ab-so-lutely wonderful. Works like a charm. Many thanks.
More information about the samba