[Samba] Adding workstations to domain as non-root [SOLVED]

James Cort james.cort at u4eatech.com
Mon Jan 16 13:24:33 GMT 2006

Quoting simo <idra at samba.org>:

> On Mon, 2006-01-16 at 09:41 +0000, James Cort wrote:
>> Hi,
>> The Problem:
>> I have a samba domain using LDAP as the backend, complete with the
>> IdealX LDAP scripts.
>> Most of my Unix boxes (certainly anything which does any Samba stuff)
>> authenticates against the same LDAP backend, using it for groups and
>> users.
>> I need to grant some people sufficient priviliges to add workstations
>> to the domain, but I don't want to give them the root password in LDAP
>> as doing so will also give them root access to the Unix boxes.
> Set "enable privileges = yes" in smb.conf
> Create a specific group for the users that you want to be able to add
> the group.
> Map the group with net groupmap
> When done, use net rights grant to grant this group the
> SeMacchineAccount privilege.
> No need to chown the scripts, samba will take care of everything.

Ab-so-lutely wonderful.  Works like a charm.  Many thanks.


More information about the samba mailing list