[Samba] Best practice for creating an RO LDAP User in AD...
Marco Gaiarin
gaio at sv.lnf.it
Wed Nov 8 08:49:42 UTC 2017
Mandi! Rowland Penny via samba
In chel di` si favelave...
> Not sure what you are proposing is going to work, AD expects every user
> to be a member of Domain Users, even though there is nothing in AD to
> show membership.
Ah.
> Do you require this user to visible on all domain machines ?
[...]
> It might help if you could explain how you are going to use your new
> user 'mta'
No. Probably quoting a message of a month ago does not help...
I simply need to have a/some LDAP access to do LDAP queries; this 'mta'
examples, need to me to do email/aliases procesing in exim.
Practically, users in 'Restricted' group does not need to logon nor to
do anything on the domain, apart logging into the LDAP and do some
''generic'' queries.
I set to users in that group a random/complex password and forgot about
it, but i'm thinking of doing the 'right' things, lowering the account
privileges to the minimum.
Probably is a generic 'Active Directory' question, not a specific Samba
one, but... i've not found relevant info out there...
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list