Andreas schreef:
Hi,
to use SAMBA as PDC for a Windows-Domain it needs an administrative user on the server to create machine- and user-accounts for the clients. Obviously root could do this.
Here is the issue that the on site maintenance of client pcs and users is done by an assistant who shouldn't get access to everything on the file server. So I can't give him root credentials or even let him execute passwd.
Even if I prepared some user- and machine- accounts he still needs the administrative user to le those client-pcs join the domain.
How can I have cake and eat it?
Regards Andreas
PS.: OpenSuse 10.3, Windows 2000 und Windows XP Clients.
You should set up Samba to be able to use Windows' "UserManager for Domains" to manage your users. A starting point is : http://nl2.samba.org/samba/docs/man/Samba-Guide/secure.html Scroll down to "Samba Configuration". In smb.conf study the "add user script", and the following lines. Then study paragraph 5, the script to map NT groups to unix groups. If set up good, you should be able to give your assistant rights to add machines and users, without giving him rights on the Samba-server. He would be member of the "Domain Admins" group, or rather he should have a separate account which is member of the "Domain Admins" group. Don't make his "normal" account member of the "Domain Admins" group. HTH, Koenraad Lelong. P.S. the Windows 2000 version of "UserManager for Domains" (Nexus) does not work on XP ! Search for the resource kit which contains the UserManager. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org