Find the answer to your Linux question:
Results 1 to 6 of 6
Hello, On the network where I am admin there is another guy who installs win clients, makes update etc. It needs the samba root password (not the Linux root pass) ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jan 2005
    Location
    Germany
    Posts
    69

    Samba - password synchronization-possible rights escalation


    Hello,
    On the network where I am admin there is another guy who installs win clients, makes update etc.
    It needs the samba root password (not the Linux root pass) to install new win clients etc.
    My problem is that I have password synchronization between samba and Linux.
    The guy who administers the win clients could log in from windows with his samba root password and change (from windows) my root password from the server.

    Any idea how can I solve this problem? I don't want him to have possibility to change my root pass or other rights escalation to occur.

    Can I restrict password synchronization only for root account?

    Please need help.

    ddaas

  2. #2
    Just Joined!
    Join Date
    Jun 2004
    Location
    Leiria - Portugal
    Posts
    72

    Samba admins

    Just create a new (no root) linux user and turn it into a samba server domain administrator, and then give the password to the guyl

  3. #3
    Just Joined!
    Join Date
    Jan 2005
    Location
    Germany
    Posts
    69
    But the first when a windows client is added to the domain, it should log in as root. So it needs root to add a new machine to samba domain.

    Am I right?

    ddaas

  4. $spacer_open
    $spacer_close
  5. #4
    Linux User
    Join Date
    Feb 2005
    Posts
    290
    like GoldenEye said, you can have more domain administrator by adding entries into smb.conf

  6. #5
    Just Joined!
    Join Date
    Jan 2005
    Location
    Germany
    Posts
    69
    I did it so:

    admin user = not_root_user
    invalid users = root

    Thanks

  7. #6
    Linux User
    Join Date
    Feb 2005
    Posts
    290
    hmm..... try

    Code:
    domain admin group = not_root_user

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •