Bug 3311 - I can do net join with -U regular_user
I can do net join with -U regular_user
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control
Sparc Solaris
: P3 normal
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2005-12-08 02:05 UTC by Omer Haklay
Modified: 2006-01-17 15:15 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Omer Haklay 2005-12-08 02:05:35 UTC
I delete computer from active directory and 
I ran from the computer "net join -U regular_user%password -I DC_IP -S DC_NAME -w DOMAIN_NAME -s smb.conf_path" by root and it succeed

My question how . Can any user create new computer in domain controller
Comment 1 Guenther Deschner 2006-01-17 15:15:26 UTC
No, when running in security=ads only accounts that have full domain admin rights can join. When running in security=domain, any account that has the "join" privilege can join machines to the domain.

The fact that security=ads requires high permissions is another bug that we might fix soon.