On Sat, 2012-02-04 at 21:12 +0100, NdK wrote: > Hello all. > > I only recently discovered 'net ads search'. But it seems '-P' can only > be used by root, while I'd need to let 'radius' user do searches. > Is it "dangerous" if I make it rw for 'radius' group (or a new group > I'll make 'radius' user a member)?
This will essentially make radius run as root, as users with access to secrets.tdb can fake incoming kerberos tickets for any user. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
