On Tue, 2004-04-06 at 15:24, Travis Groth wrote: > Uh...yes? root doesn't have a samba account. 'travis' is in the domain > admins group though, which is all you need to join a domain afaik. Take > a look at the ldap chunks and 'net groupmap list' output. Its either > something really stupid or i've uncovered a bug...according to all the > documentation I've seen and examples i've followed, I haven't missed > anything. > > --Travis >
This may have been beaten to death on the list, but AFAIK you cannot join a samba domain, even with a tdb or ldap backend w/o using the root account. It's the only reason I've kept a root account around (that and modifying ACLs, which is a seperate problem I haven't gotten around to seeing if I can fix). In fact, my root account isn't even in the domain admins group at this point. Without having to modify the smbpasswd file and /etc/passwd file, I couldn't see a reason for having to be root to join the domain anymore. I saw a patch (it's still in my inbox) for 2.2.8 that would allow domain admins to join the domain by assuming root privileges during the join, and I've considered attempting to adapt this patch for Samba 3 but I haven't had the time to even look at (if I had a Linux environment on my laptop I could work on this tomorrow on the plane, but alas spending is frozen and no one's gotten around to buying me vmware yet). Maybe someone else can shed some light as to why this restriction still seems to exist in Samba 3 with an LDAP backend? Clint -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
