Web lists-archives.com

Re: [Samba] Best practice for creating an RO LDAP User in AD...




Mandi! Rowland Penny via samba
  In chel di` si favelave...

> Not sure what you are proposing is going to work, AD expects every user
> to be a member of Domain Users, even though there is nothing in AD to
> show membership. 

Ah.

> Do you require this user to visible on all domain machines ?
[...]
> It might help if you could explain how you are going to use your new
> user 'mta'

No. Probably quoting a message of a month ago does not help...

I simply need to have a/some LDAP access to do LDAP queries; this 'mta'
examples, need to me to do email/aliases procesing in exim.


Practically, users in 'Restricted' group does not need to logon nor to
do anything on the domain, apart logging into the LDAP and do some
''generic'' queries.
I set to users in that group a random/complex password and forgot about
it, but i'm thinking of doing the 'right' things, lowering the account
privileges to the minimum.

Probably is a generic 'Active Directory' question, not a specific Samba
one, but... i've not found relevant info out there...


Thanks.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba