Samba - password synchronization-possible rights escalation
On the network where I am admin there is another guy who installs win clients, makes update etc.
It needs the samba root password (not the Linux root pass) to install new win clients etc.
My problem is that I have password synchronization between samba and Linux.
The guy who administers the win clients could log in from windows with his samba root password and change (from windows) my root password from the server.
Any idea how can I solve this problem? I don't want him to have possibility to change my root pass or other rights escalation to occur.
Can I restrict password synchronization only for root account?
Please need help.