Addition of Machines to the Domain
Samba versions prior to 3.0.11 necessitated the use of a domain administrator account that maps to the UNIX UID=0. The UNIX operating system permits only the root user to add user and group accounts. Samba 3.0.11 introduced a new facility known as Privileges, which provides five new privileges that can be assigned to users and/or groups; see Table 5.1.
Table 5.1. Current Privilege Capabilities
Privilege Description
SeMachineAccountPrivilege Add machines to domain
SePrintOperatorPrivilege Manage printers
SeAddUsersPrivilege Add users and groups to the domain
SeRemoteShutdownPrivilege Force shutdown from a remote system
SeDiskOperatorPrivilege Manage disk share
In this network example use is made of one of the supported privileges purely to demonstrate how any user can now be given the ability to add machines to the domain using a normal user account that has been given the appropriate privileges.
RIDS
Administrators 544
Print Operators 550
Backup Operators 551
Replicators 552
Domain Admins 512
Domain Users 513
Domain Guests 514
Domain Computers 553