BJörn Lindqvist wrote:
> It is inconsistent with other "net" commands. I.e:
>
> net rpc user info someuser
>
> where the name does not have to be fully qualified
The net command is a kitchen sink that needs to be
broken into multiple commands. You don't have to qualify
the name in your example because it is implicitly
qualified by the domain of the server you are connecting to.
I see, thanks.
>> > net rpc rights grant Everybody SeMachineAccountPrivilege
>>
>> This is a security hole. I really would recommend
>> against this. It's about the same as 'guest account = root'.
>
> Why? If it is, then how else do enable computers to
> join your domain?
It's the same as saying 'admin users = +users'.
I suggest creating a group mapping (let's call it "Unix Admins")
and then running
I still don't understand why this is a security hole. And even if
there is, I see no other way to solve my problem . There are a few
hundred computers all connected to a Windows Active Directory. They
need all to join the Samba domain. The only feasible way I know of
making the transistion is to give all users the
SeMachineAccountPrivilege and then have each user migrate his or her
own computer.
--
mvh Björn
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
