Win2k Domain logon RPC Code
Andrew Bartlett
abartlet at pcug.org.au
Thu May 10 13:11:35 GMT 2001
Jason Coene wrote:
>
> Samba Team,
>
> As it stands, I can have Win2k workstations to log into a samba domain,
> however they must specify the root username and password in able to join
> into the domain. There must be a better way. I have searched the RPC code
> briefly, and did not see a common function where this is controlled. I would
> love to help improve this code. Any pointers to which portion(s) of the code
> deal with joining the domain?
>
> Regards,
>
> Jason
See rpc_server/srv_samr_nt.c:_api_samr_create_user()
It looks like we just need to do exactly the oppisite to what the
comment says, ie add the become_root() unbecome_root(), but just add a
check that the user is a domain admin. We should also create a new
paramater in smb.conf, 'add machine account script', so new machines and
users are done differently.
I don't mind helping out with some of the implementaion/testing, as this
is one of the things that rather interests me - I would prefer never to
login to samba as root.
If there are any traps in this, could the relevent person give a yell
please?
Andrew Bartlett
abartlet at pcug.org.au
--
Andrew Bartlett
abartlet at pcug.org.au
More information about the samba-technical
mailing list