configuring samba users to join clients to the domain
Hello all,
Im currently using an english book to setup my samba server, and im having problems understanding it. I explain my problem. I dont want to use root to join clients to the domain; i prefer creating a plain user. Ok, so, the steps i follow are: net groupmap add unixgroup=srvadmins ntgroup="Server Admins" net groupmap add ntgroup="Domain Admins" unixgroup=dmnadmins rid=512 type=d net rpc rights grant 'ORA\Server Admins' seMachineAccountPrivilege This way, i have a group called srvadmins with permissions to join clients, a group called dmnadmins with permissions to manage users and other permissions, and root. Now, users: "root", "dmnadmin"(from dmnadmins group) and "srvadmin" (from srvadmins group) can add machines to domain. Root because is root, srvadmin because i granted permissions, and dmnadmin because is admin So i wonder, why srvadmins group is needed to be granted privileges? I tryed to lower dmnadmins privileges by revoking semachineaccountprivilege privilege, but didnt worked net rpc rights revoke 'ORA\Domain Admins' seMachineAccountPrivilege looks like its privileges comes from another group and it user managed to add a machine to the domain correctly. Ok, so, is this really usefull? why do i need 3 kind of users to be able to join to the domain? should i really stick to using root to join clients? thanks |
Greetingz!
Let me make sure I understand your question; You're using an Open Source implementiation of a Microsoft scheme/protocol while struggling with English, and you wonder why you're having problems, correct? |
Quote:
if you say microsoft here is important, then, i should start up by stuying the turing machine to understand my problem. if english would be a really important problem, then, i shouldnt be posting in an english forum. Can you help about privileges? |
If you're trying to avoid having to run everything as root, and no one is in the "wheel" group, you can do one of two things;
1) Just use "sudo" 2) Use the "wheel" group. a) First, find out if the wheel group exists with "grep wheel /etc/group". If it does, add your regular user account to that group.WARNING: "SetUID" binaries are dangerous, anyone that can run them, will do so with root's effective UID. If you do not know what this means, what "SetUID" is, google/read/lrn2sysadmin first. |
All times are GMT -5. The time now is 03:19 PM. |