[Samba] understanding users mapping

fdelval at rojatex.com fdelval at rojatex.com
Thu Feb 3 04:27:05 MST 2011

Hello all,
Im Fran, and im from Spain.
Im currently using an english book to setup my samba server, and im having
problems understanding it.

I explain my problem.

I dont want to use root to join clients to the domain; i prefer creating a
plain user.

Ok, so, the steps i follow are:

net groupmap add unixgroup=srvadmins ntgroup="Server Admins"

net groupmap add ntgroup="Domain Admins" unixgroup=dmnadmins rid=512 type=d

net rpc rights grant 'ORA\Server Admins' seMachineAccountPrivilege

Now, users: "root", "dmnadmin"(from dmnadmins group) and "srvadmin" (from
srvadmins group) can add machines to domain.

So i wonder, why srvadmins group is needed to be granted privileges?

I tryed to lower dmnadmins privileges by revoking
semachineaccountprivilege privilege, but didnt worked, and it user managed
to add a machine to the domain correctly.

Ok, so, is this really usefull? why do i need 3 kind of users to be able
to join to the domain?

should i really stick to using root to join clients?

thank you

Fran Del Val
Dpto de informática.
Rojatex S.L.

More information about the samba mailing list