On Mon, 2005-01-24 at 18:18 +0100, Tony Earnshaw wrote:
> Geoff Scott:
> >
> > root# cd /var/lib/samba/sbin
> > root# ./smbldap-usermod.pl -u 0 Administrator
> >
> > OK. I see the criticism, but where's your solution? You know, on the
> >
> Bottom line: Ignacio Coupeau tells you (blam) right out that your LDAP
> admin user has to have a uidnumber and gidnumber attribute both of 0 and
> you'd better believe him, since otherwise nothing works from XP/2000's
> side.
> So. I end up with an LDAP "root" with uidnumber 0, gidnumber 0, who may
> well have another password than the /etc/passwd root, but who gets the job
> done (i.e. enabling XP/200 Windows domain logons). I find this abhorrent,
> but "the boss" pays me, and my job is to provide the solutions for which
> he pays my beer.

I too hate this. It seems to be a hardcoded rule though, perhaps one that can be patched around.

As a test, I tried "chown -R :Domain\ Admins /var/lib/samba" and "chmod -R g+rw /var/lib/samba" and running "smbpasswd -L -m -a test$" as a non-root user in the Domain Admins group. It whines and moans about not being able to perform the operation as non-root. However, if as the same user, you run the command as "fakeroot smbpasswd -L -m -a test$" it works fine.

When performing a join, samba doesn't even try to run the machine add script unless the user is root. Maybe someone who knows the code can remove that check or make an "allow non root join pretty please" option...
