Michael Lueck wrote:

Is there some way to configure a special account which is able to only join workstations to the domain? I believe the operation talks over IPC$ - such as the NETDOM.EXE command. Can one set admin users for IPC$ and thus join the domain without allowing that special account too much access to Samba?

The criterion that defines whether or not you can join machines is usually whether or not you can add system users in UNIX. Traditionally this has meant that you need root (or uid=0) access. With LDAP (as I think you are using, no?) I believe this requirement may have been blurred since you can define an ACL for adding things in the LDAP store.


You could maybe define a smb.conf include based on the user and/or group (there have been examples of this) and then only have the create script defined in that .conf file.

This is just a thought off the top of my head, not that I've tried it or anything. I may have to look at this myself though since sometimes our remote admin-less office needs to add a new machine.

--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto: [EMAIL PROTECTED]


