-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Rauno Tuul wrote: | | -----Original Message----- | From: Antoine Jacoutot [mailto:[EMAIL PROTECTED] | | On Tuesday 16 September 2003 21:34, Rauno Tuul wrote: | |>IMHO groupmapping doesnt fill that hole, because whatever groupmap entry |>doesn't give admin rights on LDAP.
You're thinking about this from the wrong perspective. The 'domain admin group' from 3.0 was a limited way to handle group mapping. Instead of being a smb.conf parameter, the domain admin group is now a mapping between the domain admins SID and a unix gid. The check will be pretty much the same. We'll just make the domain admin sid against the current user's NT_TOKEN.
|>So, you think that's ok to remove that piece of code, right ? | | removing isn't the best solution, for security reasons. then can anyone turn | the LDAP to a mess...
Removing it is a really bad idea since anyone could then view user passwords if they tried hard enough.
| Honestly said, the parameter "domain admin group" should come back. | Some say it isn't necessary.
No. I can fix this just using the group mapping entry for "Domain Admins". We'll fix it post 3.0.0.
cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/Z3pLIR7qMdg1EfYRAjbbAKC/RRXQKupbNbnVPUDmtzQ0xIVCcwCgpR99 MvPnNqsO4f2yA6jm954p6uI= =++F/ -----END PGP SIGNATURE-----
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
