[Samba] Searching in AD

Andrew Bartlett abartlet at samba.org
Sat Feb 4 20:11:24 MST 2012

On Sat, 2012-02-04 at 21:12 +0100, NdK wrote:
> Hello all.
> I only recently discovered 'net ads search'. But it seems '-P' can only
> be used by root, while I'd need to let 'radius' user do searches.
> Is it "dangerous" if I make it rw for 'radius' group (or a new group
> I'll make 'radius' user a member)?

This will essentially make radius run as root, as users with access to
secrets.tdb can fake incoming kerberos tickets for any user.  

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba mailing list