[Samba] RFC2307: Recommendations for mapping Administrator account
Marco Gaiarin
gaio at sv.lnf.it
Fri Feb 9 09:44:29 UTC 2018
Mandi! Fred F via samba
In chel di` si favelave...
Only two little notes.
> Yeah, I definitely need different login shells. I only want a few
> users to actually be able to log into Linux machines.
I've found a bit problematic in the past associate invalid shells to
users; so, consider instead of invalid shalles, the use of proper ACL
for the service (eg, AllowedGroups for ssh).
> >From the discussion I've learned that there is no actual technical
> necessity for the Administrator user to be present at all, so I could
> either delete/disable it or map it to a regular UID just like any
> other regular user.
...consider also simply assigning a random password to Administrator
users, so it is enabled and work as expected but nobody, even you, know
the password.
If needed, as 'Domain Admins' user, you can set a password and use it.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list