Deft Developer
2018-Oct-29 23:50 UTC
[Samba] Only root can use net command, because of permissions of secrets.tdb
It seems that I can only run "net ads" commands as sudo, otherwise I get an error: Failed to open /var/lib/samba/private/secrets.tdb This is because secrets.tbd has the permissions 700. This is the case even for listing users with the machine account: net ads user -P Is this the normal behavior? Is there a correct way to configure so that ordinary users can use net without sudo?
Andrew Bartlett
2018-Oct-30 00:47 UTC
[Samba] Only root can use net command, because of permissions of secrets.tdb
On Mon, 2018-10-29 at 16:50 -0700, Deft Developer via samba wrote:> It seems that I can only run "net ads" commands as sudo, otherwise I get an > error: > > Failed to open /var/lib/samba/private/secrets.tdb > > This is because secrets.tbd has the permissions 700. > > This is the case even for listing users with the machine account: > > net ads user -P > > Is this the normal behavior? Is there a correct way to configure so that > ordinary users can use net without sudo? >Correct, -P means to read the machine account from secrets.tdb, so this is a privileged operation and so needs root permissions. Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Development and Support, Catalyst IT https://catalyst.net.nz/services/samba