Re: [Samba] Method for joining machines to PDC without using root

2002-12-26 Thread Markus Schabel
___cliff rayman___ wrote:

> currently, in order to join a win XP machine to a samba PDC, you
> have to use the root account (although you can use an smbpasswd
> and not the linux password).  is there any way to set up another
> account to do this one particular task (one without uid=0)?
> if we have users in remote places, i do not want to have to go over
> to their work station just to log them on to the domain.  also i don't
> want to give them a login and password that could compromise the system
> the samba is running on (linux).

AFAICT it works with a non-root user if you use LDAP instead of
smbpasswd.

snip/

--
Markus Schabel
++
| TGM - Die Schule der Technik   |
| IT-Service |
| A-1200 Wien, Wexstrasse 19-23  |
| Tel.: +43(1)33126/316 Fax: +43(1)33126/154 |
| eMail: [EMAIL PROTECTED]|
++

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba



Re: [Samba] Method for joining machines to PDC without using root

2002-12-26 Thread Markus Schabel
Alan Woodland wrote:

> Markus Schabel wrote:
>
>> ___cliff rayman___ wrote:
>>
>>> currently, in order to join a win XP machine to a samba PDC, you
>>> have to use the root account (although you can use an smbpasswd
>>> and not the linux password).  is there any way to set up another
>>> account to do this one particular task (one without uid=0)?
>>> if we have users in remote places, i do not want to have to go over
>>> to their work station just to log them on to the domain.  also i don't
>>> want to give them a login and password that could compromise the system
>>> the samba is running on (linux).
>>
>> AFAICT it works with a non-root user if you use LDAP instead of
>> smbpasswd.
>>
>> snip/
>
> I'm currently doing that with the new samba from cvs using smbgroupedit,
> but it is possible with older sambas using (IIRC) domain admin group =
> @groupname and having the users you want to be able to add machines to
> the domain in that group. It does however make the user super user
> equivalent when logged in through samba that way, but not super user on
> the actual unix boxes.
>
> Alan


I'm doing it with samba 2.2.7a. But I'd like something like add 
computer group = valid-user, so that everybody with a user-account can
add his workstation to the domain (if the workstation's ip is logged as
active by the dhcp).

Probably it's possible to add computer-accounts via dhcp-logs (but I
think the problem here is that the DHCP-hostname could be different from
the NetBIOS-name).


--
Markus Schabel
++
| TGM - Die Schule der Technik   |
| IT-Service |
| A-1200 Wien, Wexstrasse 19-23  |
| Tel.: +43(1)33126/316 Fax: +43(1)33126/154 |
| eMail: [EMAIL PROTECTED]|
++



[Samba] Method for joining machines to PDC without using root

2002-12-23 Thread ___cliff rayman___
currently, in order to join a win XP machine to a samba PDC, you
have to use the root account (although you can use an smbpasswd
and not the linux password).  is there any way to set up another
account to do this one particular task (one without uid=0)?
if we have users in remote places, i do not want to have to go over
to their work station just to log them on to the domain.  also i don't
want to give them a login and password that could compromise the system
the samba is running on (linux).

i think the answer is no from some of the information i found
by googling, but i wanted to verify the answer here.

my only other option would be to issue a:
smbpasswd root

make a temporary password, talk someone into joining
a domain on the phone, immediately change the password
back so it is secure.

--
___cliff [EMAIL PROTECTED] http://www.genwax.com/




Re: [Samba] Method for joining machines to PDC without using root

2002-12-23 Thread John H Terpstra
On Mon, 23 Dec 2002, ___cliff rayman___ wrote:

> currently, in order to join a win XP machine to a samba PDC, you
> have to use the root account (although you can use an smbpasswd
> and not the linux password).  is there any way to set up another
> account to do this one particular task (one without uid=0)?

No. It has to be done as a 'root' privileged account from samba's
perspective, i.e. NT Administrator (which maps to root). As you noted, the
smb password for root does not need to be the same as the system root
password.

> if we have users in remote places, i do not want to have to go over
> to their work station just to log them on to the domain.  also i don't
> want to give them a login and password that could compromise the system
> the samba is running on (linux).
>
> i think the answer is no from some of the information i found
> by googling, but i wanted to verify the answer here.

You have your verification. Got a better suggestion? Send us your patches
and we will look at them.

> my only other option would be to issue a:
> smbpasswd root
>
> make a temporary password, talk someone into joining
> a domain on the phone, immediately change the password
> back so it is secure.

No different from NT/2K really.

- John T.
-- 
John H Terpstra
Email: [EMAIL PROTECTED]



Re: [Samba] Method for joining machines to PDC without using root

2002-12-23 Thread ___cliff rayman___


John H Terpstra wrote:

> On Mon, 23 Dec 2002, ___cliff rayman___ wrote:
>
> You have your verification. Got a better suggestion? Send us your patches
> and we will look at them.

i know, suggestions are cheap, good patches are like diamonds :-)

if the problem is smbpasswd permissions, perhaps it can be set to mode
660 instead of 600, and with a group something like domainadd.  any
user with domainadd group, can add a windows box to the domain.

users can be created in this special group that could do nothing else
but add windows boxes to the domain.  no logins - no share permissions
etc..

i did look at the code, but it is way over my head without several hundred
hours of study.  :-)



 

>> my only other option would be to issue a:
>> smbpasswd root
>>
>> make a temporary password, talk someone into joining
>> a domain on the phone, immediately change the password
>> back so it is secure.
>
> No different from NT/2K really.


i assumed that this was a samba requirement and not a windows requirement.

--
___cliff [EMAIL PROTECTED] http://www.genwax.com/


