Samba - password synchronization-possible rights escalation

**ddaas** · 02-21-2005

Hello,
On the network where I am admin there is another guy who installs win clients, makes update etc.
It needs the samba root password (not the Linux root pass) to install new win clients etc.
My problem is that I have password synchronization between samba and Linux.
The guy who administers the win clients could log in from windows with his samba root password and change (from windows) my root password from the server.

Any idea how can I solve this problem? I don't want him to have possibility to change my root pass or other rights escalation to occur.

Can I restrict password synchronization only for root account?

Please need help.

ddaas

**GoldenEye** · 02-22-2005

Just create a new (no root) linux user and turn it into a samba server domain administrator, and then give the password to the guyl

**ddaas** · 02-22-2005

But the first when a windows client is added to the domain, it should log in as root. So it needs root to add a new machine to samba domain.

Am I right?

ddaas

**adam7979** · 02-22-2005

like GoldenEye said, you can have more domain administrator by adding entries into smb.conf

**ddaas** · 02-23-2005

I did it so:

admin user = not_root_user
invalid users = root

Thanks

**adam7979** · 02-23-2005

hmm..... try

Code:

domain admin group = not_root_user

Thread Tools

Display

Samba - password synchronization-possible rights escalation

Samba admins

Posting Permissions