Hi Brian,
what you wrote I tried in my first experiment.
I created the user domadmin like this:
# useradd -m -u 500 -G 0 domadmin
# pdbedit -a -U 500 -G 512 domadmin
The Unix-user "domadmin" had the uid = 500, the primary-group = 500 (like normal users), and was a member of the root-group = 0.
With these settings I was able to join my Samba-PDC with Windows-NT4.0-Workstations well, when I manually created a machine-account on the Samba. But when I tried to do the same with a Windows2000-Workstation, I got a login prompt. When I then tried to enter the domadmin with the password, the login prompt appeared again. It was not possible to join my Samba-PDC with Windows2000-Workstations. I tried different things until I read in the Samba-manual that I should join a Samba-Domain with the user Root. This is normally not possible, because Root does not have an smb-account and in my smb.conf I have: invalid users = root .
Yes, and because it wasn't successful with the user domadmin as member of group 0, I tried the really not nice thing, that I gave the user domadmin the uid 0, and this was successful.
Please could you tell me, what I did wrong? Please see for this the documentation in my first mail, there are my smb.conf and the user-profile from the domadmin.
Bye, Heinz.
Heinz Allerberger Systemadministrator Zentrum Neurologie Universitätsklinikum Frankfurt am Main Tel: 069/6301-4274 Fax: 069/6301-6842 Piepser 18-0455
Brian Krusic wrote:
> > The Domain Admin user "domadmin" must have the root-policies on the
> > /etc/passwd like this:
> > domadmin:x:0:0:
>
> This is incorrect as you should never have users with identical uids.
> You should mod the entry in etc/group to add your domadmin user to the root group. This gives it root privs.
>
> > In my opinion it is not fine, because it is a security-hole,
>
> Incorrect. Only someone of root or admin privs should be able to initially join domains, for if anyone could, then a potential hacker could do so w/o admin/root privs and attain further domain trust by doing so.
>
> Bri-
