Bug 3311 - I can do net join with -U regular_user
Summary: I can do net join with -U regular_user
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control (show other bugs)
Version: 3.0.20
Hardware: Sparc Solaris
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2005-12-08 02:05 UTC by Omer Haklay (dead mail address)
Modified: 2006-01-17 15:15 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Omer Haklay (dead mail address) 2005-12-08 02:05:35 UTC
I delete computer from active directory and 
I ran from the computer "net join -U regular_user%password -I DC_IP -S DC_NAME -w DOMAIN_NAME -s smb.conf_path" by root and it succeed

My question how . Can any user create new computer in domain controller
Comment 1 Guenther Deschner 2006-01-17 15:15:26 UTC
No, when running in security=ads only accounts that have full domain admin rights can join. When running in security=domain, any account that has the "join" privilege can join machines to the domain.

The fact that security=ads requires high permissions is another bug that we might fix soon.