-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Larry Liu �rta: | I use 'User Manger for Domain' on a NT4 member server to access the | SAMof the Samba 3.0.0 PDC. It retrieves all the user and group accounts | perfectly. Then I click 'Policies' ----> 'User Right', allow the group | 'Account Operator' to 'add workstations to domain', it allows me to | click through 'OK', but it doesn't save the policy. | | I can use 'User Manger for Domain' to disable/enable user | accounts,change their passwords. However don't undstand why the domain | policy won't get saved. | | Anyone knows the workaround? Maybe something to be done on Unix command | line to apply domain policies? | | Thanks. | | | As I know, because of the security of UNIX systems only users with uid=0, typicaly called root are allowed to manipulate user accounts. Because machine accounts also require a passwd (or LDAP corespondent) entry, SAMBA follows this policy, so you would be unable to delegate that right to anybody else. But there was a discussion on this list about relaxing that at least in case of LDAP based accounts. I also know about a patch (at least for SAMBA 2.2.x) witch relaxes this at the expense of a big security hole. Sorry for not having an absolutely positive answer for you :-(
Good Luck!
Geza Gemes -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/fpNp/PxuIn+i1pIRArmcAJ9EEXt6iHuxZYol1SDO52aqYV8c/gCfYfcb 5EZKzrWd7B9ID57BR2bpv4k= =0Gre -----END PGP SIGNATURE-----
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
