[Samba] Only root can use net command, because of permissions of secrets.tdb
Andrew Bartlett
abartlet at samba.org
Tue Oct 30 00:47:09 UTC 2018
On Mon, 2018-10-29 at 16:50 -0700, Deft Developer via samba wrote:
> It seems that I can only run "net ads" commands as sudo, otherwise I get an
> error:
>
> Failed to open /var/lib/samba/private/secrets.tdb
>
> This is because secrets.tbd has the permissions 700.
>
> This is the case even for listing users with the machine account:
>
> net ads user -P
>
> Is this the normal behavior? Is there a correct way to configure so that
> ordinary users can use net without sudo?
>
Correct, -P means to read the machine account from secrets.tdb, so this
is a privileged operation and so needs root permissions.
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba
mailing list