-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Adam Tauno Williams wrote: |> Both NT4 and AD have special ways to create a basic |> domain user, then add the specific permission to join |> workstations to the domain. Can your creativity |> provide that type of an implementation for Samba? | | Isn't this "privilages"? You can muck about with them a | bit with rpcclient but they don't seem to do anything.
Yeah. The Domain Admins hack was a quick fix in an afternoon of work. Simo convinced me to spend the time and effort to implement the privileges feature he wrote for trunk.
I checked in a backport/rewrite on the privileges code from trunk into the 3.0 svn code base yesterday. So at this point you should be able to assing the SeMachineAccountPrivilege to any SID you like and use that SID to join the domain.
I've still got some security auditing to do on to make sure I haven't done anything stupid, but this code will be in 3.0.11pre2 sue out next week. I'll send a short howto as soon as I finish the lingering details.
cheers, jerry ===================================================================== Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB6Cn5IR7qMdg1EfYRAiUaAKC7ELoNshYFmg9EQ0AvyYEC8uJHwQCeM7di i/E37m0ieaZO+aQk7Bbp0Ns= =sH4m -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
