Bug 3311 - I can do net join with -U regular_user
Summary: I can do net join with -U regular_user
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control (show other bugs)
Version: 3.0.20
Hardware: Sparc Solaris
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-12-08 02:05 UTC by Omer Haklay (dead mail address)
Modified: 2006-01-17 15:15 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Omer Haklay (dead mail address) 2005-12-08 02:05:35 UTC 
I delete computer from active directory and 
I ran from the computer "net join -U regular_user%password -I DC_IP -S DC_NAME -w DOMAIN_NAME -s smb.conf_path" by root and it succeed

My question how . Can any user create new computer in domain controller
Comment 1 Guenther Deschner 2006-01-17 15:15:26 UTC 
No, when running in security=ads only accounts that have full domain admin rights can join. When running in security=domain, any account that has the "join" privilege can join machines to the domain.

The fact that security=ads requires high permissions is another bug that we might fix soon.