On Wed, 2005-09-28 at 14:48 +0200, Eduard Witteveen wrote: > Hello list, > > Im still trying to get the add machine script working. > > I have a user which is named "administrator", which is stored in ldap, > i can login using this user(i attached a loginshell) and execute the > command: '/usr/sbin/smbldap-useradd -w "eduard-laptop$"' succesfull > (UID=0,USER=root) > > Howevery, when this command is executed by samba, it will not run, since > ldap doesnt like the way the command was started: > (UID=65534,USER=root) > > How can i get this script to be executed the same way as when it is run > from the commandline?
I fought with this problem for a long time, and no one seemed to know the answer (other than the kludge mentioned in this thread: http://lists.samba.org/archive/samba/2005-September/110520.html) However...the answer lay in the documentation the whole time. :o( you need add this to your smb.conf: enable privileges = yes This allows you to grant special privileges to users (see man smb.conf for more detail) reload your samba config: $ smbcontrol smbd reload-config and grant the necessary rights to Administrator: $ net -U Administrator rpc rights list SeMachineAccountPrivilege Add machines to domain SePrintOperatorPrivilege Manage printers SeAddUsersPrivilege Add users and groups to the domain SeRemoteShutdownPrivilege Force shutdown from a remote system SeDiskOperatorPrivilege Manage disk shares $ net -U Administrator rpc rights list Administrator $ net -U Administrator rpc rights grant Administrator SeMachineAccountPrivilege Successfully granted rights. You should now be able to add machines to the domain. Better yet, your administrator account does _not_ have to have a uid of 0! Hope that helps. -davidc -- The one real object of education is to have a man in the condition of continually asking questions. -Bishop Mandell Creighton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
