[Samba] Searching in AD
Andrew Bartlett
abartlet at samba.org
Sat Feb 4 20:11:24 MST 2012
On Sat, 2012-02-04 at 21:12 +0100, NdK wrote:
> Hello all.
>
> I only recently discovered 'net ads search'. But it seems '-P' can only
> be used by root, while I'd need to let 'radius' user do searches.
> Is it "dangerous" if I make it rw for 'radius' group (or a new group
> I'll make 'radius' user a member)?
This will essentially make radius run as root, as users with access to
secrets.tdb can fake incoming kerberos tickets for any user.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba
mailing list