Paul Griffith
2005-Feb-08 16:56 UTC
[Samba] Samba v3.0.11 assigning privileges with custom pdb plugin
Greetings, We have home grown user management backend system, and I have ported our v2.2.x passdb over to v3 type plugin. I am able to access files and print using our backend. I am running into trouble joining PCs to the domain. I am assuming the primary problem is that our backend system doesn't have a 'root' user. I was hoping that assigning SeMachineAccountPrivilege to our tech members would be enough to allow our tech members to join computers to our domain. net rpc rights grant 'DOMAIN\paulg' SeMachineAccountPrivilege But I get prompted for a password and naturally if I don't enter a password I get. Could not connect to server 127.0.0.1 The username or password was not correct. Now as a test I did the following o disable our plugin and used sampasswd plugin o create Samba root user o assign SeMachineAccountPrivilege to myself o comment out sampasswd backend and enable our backend o I was now able to join the PC to our domain. So the question is it possible to gant rights without using the Samba root user? Any other suggestions? Thanks Paul
Gerald (Jerry) Carter
2005-Feb-08 19:10 UTC
[Samba] Samba v3.0.11 assigning privileges with custom pdb plugin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Paul Griffith wrote: | Greetings, | | We have home grown user management backend system, | and I have ported our v2.2.x passdb over to v3 type plugin. | I am able to access files and print using our backend. | I am running into trouble joining PCs to the domain. | | I am assuming the primary problem is that our | backend system doesn't have a 'root' user. | | I was hoping that assigning SeMachineAccountPrivilege | to our tech members would be enough to allow our tech | members to join computers to our domain. | ... | | So the question is it possible to gant rights | without using the Samba root user? Any other suggestions? Paul, Create a group mapping for the Domain Admins group. E.g. net groupmap modify ntgroup="Domain Admins" unixgroup="ntadmins" now any member of the ntadmins unix group will be able to assign privileges. cheers, jerry ====================================================================Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCCQ4vIR7qMdg1EfYRAm8oAKDfwwWrK5p8L8C2PHQ8S4rNrxsPUACeIP4i i/vp0Z6J79ht3KWbK8DwglU=QayZ -----END PGP SIGNATURE-----