Volgograd

Волгоград Linux User Group

Организована 23 ноября 2002 года

Проект заморожен Птн Июл 6 02:11:14 MSD 2012


Вход:  Пароль:  

ГраблеВодство/TandT/samba/SambaNotes


Addition of Machines to the Domain


Samba versions prior to 3.0.11 necessitated the use of a domain administrator account that maps to the UNIX UID=0. The UNIX operating system permits only the root user to add user and group accounts. Samba 3.0.11 introduced a new facility known as Privileges, which provides five new privileges that can be assigned to users and/or groups; see Table 5.1.

Table 5.1. Current Privilege Capabilities
Privilege Description

SeMachineAccountPrivilege Add machines to domain

SePrintOperatorPrivilege Manage printers

SeAddUsersPrivilege Add users and groups to the domain

SeRemoteShutdownPrivilege Force shutdown from a remote system

SeDiskOperatorPrivilege Manage disk share

In this network example use is made of one of the supported privileges purely to demonstrate how any user can now be given the ability to add machines to the domain using a normal user account that has been given the appropriate privileges.

RIDS

Administrators — 544
Print Operators — 550
Backup Operators — 551
Replicators — 552
Domain Admins — 512
Domain Users — 513
Domain Guests — 514
Domain Computers — 553