Guys,
I've been using samba PDC with LDAP backend for about 2 years now, and
they're working just fine. All this time, each time I join a new computer
(PC with win XP Pro, Me, win98), I use the root account and its samba
password. The problem is, I can use the root to login into the domain too,
which something I don't like. If i used the parameter "invalid users
root" via smb.conf, then I cannot join any PC into the domain.
I roamed into samba official How-to (
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#id2599196)
and found something interesting in the "Administering User Rights and
Privileges" part, the net rpc command. My goal was to create a new user,
other then the root, with a privillege restricted to merely joining PC's
into the domain (SeMachineAccountPrivilege). But when I tried one of the
command there, e.g. the 'net rpc rights list -U root%rootPassword',
nothing
came up. Is this normal? Then how to do it right? FYI, I'm using
samba-3.0.20b-3.3 with openldap2-2.2.27-6, and openSuSe 10.0. Thank you for
your help.
Regards,
