-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Larry Liu ?rta:
| I use 'User Manger for Domain' on a NT4 member server to access the
| SAMof the Samba 3.0.0 PDC. It retrieves all the user and group accounts
| perfectly. Then I click 'Policies' ----> 'User Right',
allow the group
| 'Account Operator' to 'add workstations to domain', it allows
me to
| click through 'OK', but it doesn't save the policy.
|
| I can use 'User Manger for Domain' to disable/enable user
| accounts,change their passwords. However don't undstand why the domain
| policy won't get saved.
|
| Anyone knows the workaround? Maybe something to be done on Unix command
| line to apply domain policies?
|
| Thanks.
|
|
|
As I know, because of the security of UNIX systems only users with
uid=0, typicaly called root are allowed to manipulate user accounts.
Because machine accounts also require a passwd (or LDAP corespondent)
entry, SAMBA follows this policy, so you would be unable to delegate
that right to anybody else.
But there was a discussion on this list about relaxing that at least in
case of LDAP based accounts. I also know about a patch (at least for
SAMBA 2.2.x) witch relaxes this at the expense of a big security hole.
Sorry for not having an absolutely positive answer for you :-(
Good Luck!
Geza Gemes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/fpNp/PxuIn+i1pIRArmcAJ9EEXt6iHuxZYol1SDO52aqYV8c/gCfYfcb
5EZKzrWd7B9ID57BR2bpv4k=0Gre
-----END PGP SIGNATURE-----