[Samba] Running off pre-created keytabs
Michael Ströder
michael at stroeder.com
Fri Mar 1 21:04:57 UTC 2019
On 1/11/19 3:04 PM, Remy Zandwijk (Samba) via samba wrote:
> The Windows AD admin needs admin rights on the Windows AD server to
> add a machine account. In our case the Windows domain member admin
> only needs *local* admin rights to a) add the registry key and b) run
> the script. The Windows domain member admin does *not* need admin
> rights on the Windows AD server>
> It would be nice if we could say the same for a Windows AD server and a Samba domain member server.
>
> That's the whole thing: you *can* join a Windows domain server to the
> domain without the need for the Windows domain member server admin to
> have admin rights on the AD. You cannot join a Samba domain member
> server in the same fashion.
Full ack.
Unfortunately that seems not to be a well-known practice.
Ciao, Michael.
More information about the samba
mailing list