Friday, July 25, 2003, 6:31:30 PM, Felipe wrote: > On Fri, 2003-07-25 at 12:41, Beast wrote: >> >> This is required for me because I will use ldap backend but I don't >> want to create root account in ldap which if it's compromised, it can >> do anything to *all* workstation.
> Sincerely, I don't know why the "Administrator" user must have a UID of > 0, but I know that it's always needed, even when you're using the > LDAPSAM backend. > In fact, I'm using the LDAPSAM backend of Samba 3.0 beta 3 and it's a > requisite that the user you use to join the machine to the domain > (normally, Administrator) has a UID of cero. > To secure you "Administrator" Samba user, assign it a UID of 0, a > different password from your "root" unix user, I have to enable "ldap passwd sync", so assigning diferrent passwd will not be the good solutions... > and specify "/dev/null" > as the home directory and login shell. Aaaaaah yes, why i'm so dumb? :=) Create user administrator with uid=0 but doesn't have home directory and valid shell. root will be local on each server, Tks felipe, you're my hero :-) --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
