How do you currently handle adding workstations to the domain? I have done it on my test domain with the root user and by assigning a different password for the samba password from the actual root login. I noticed that in 2.2.8a, I was able to join the domain as a non-root user with an LDAP backend as long as I added the user to the domain admin = parameter. This was, however, not doable on the smbpasswd backend. With 3.0, I was not able to add the user unless it was done with the root user. For security reasons, I added "invalid users = root" to the global section, but added "invalid users = " to the IPC$ share so that root was able to join the workstations, but access no files or printers on the server.
The problem with my situation is that there are multiple groups of administrators who needed to add machines to "their" respective domains. One group handles management of faculty workstations, another handles student lab machines, and there are a few groups around the place. For ease of management, we are going to use a single domain.
How would you handle this? Should I just share the smb root password with ALL administrators, or would this cause problems?
Thanks in advance.
