[Samba] RFC2307: Recommendations for mapping Administrator account

Marco Gaiarin gaio at sv.lnf.it
Fri Feb 9 09:44:29 UTC 2018

Mandi! Fred F via samba
  In chel di` si favelave...

Only two little notes.

> Yeah, I definitely need different login shells. I only want a few
> users to actually be able to log into Linux machines.

I've found a bit problematic in the past associate invalid shells to
users; so, consider instead of invalid shalles, the use of proper ACL
for the service (eg, AllowedGroups for ssh).

> >From the discussion I've learned that there is no actual technical
> necessity for the Administrator user to be present at all, so I could
> either delete/disable it or map it to a regular UID just like any
> other regular user.

...consider also simply assigning a random password to Administrator
users, so it is enabled and work as expected but nobody, even you, know
the password.
If needed, as 'Domain Admins' user, you can set a password and use it.

dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

More information about the samba mailing list