[Samba] Machine account in smbpasswd is wrong

Jim Shanks jim at shanks.cc
Fri Feb 2 14:43:00 GMT 2007


Christian,

It looks to me that the machine account will work fine in either case.  In
your first example the machine account is created with no password, which
is the way I would expect.  In your second example, it is created with no
LM password, but a LM2 password.  Either way, it should work.

However . . .

Since you are joining machines to your domain, you might want to take a
look at using the tdbsam account backend instead of smbpasswd.  Smbpasswd
doesn't support the extended account information that is required for
proper domain control.

To do that, set the global option in smb.conf:

        passdb backend = tdbsam

I also use the following to create the machine account:

        add machine script = /usr/sbin/useradd -d /dev/null -g domaincomputers -s /bin/false -M %u;passwd -l %u

It not only creates the account, but creates a blank password for the
machine that can't be changed.

It's been working for over 2 years.

Jim


> Hello,
>
> I can't join a win2K machine on my domain.
> I create the machine account dynamically in my smb.conf by the following
> line:
> add machine script = /usr/sbin/useradd -d /dev/null -g 200 -s /bin/false -M %u
>
> Now a machine account is created and added to my users (this part works
> ok)
> Samba also generates a machine account for samba (I could not find a line
> for that in my smb.conf)
> But the generated account is not good; it looks like this:
> WIN2KMACHINE_1$:548:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[W          ]:LCT-00000000:
>
> I found a workaround by adding the machine account for the users and for
> samba manually
> useradd -d /dev/null -g 200 -s /bin/false -M win2kmachine_1$
> smbpasswd -a -m win2kmachine_1$
>
> The smbpasswd looks like this:
> win2kmachine_1$:548:6A9911670184E884AAD3B435B51404EE:AF0782CC683F8A5C88DFE572758DFB96:[U          ]:LCT-45473055:
>
> After this log join my client again to the domain my smbpasswd changes
> into
> win2kmachine_1$:548:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:AF0782CC683F8A5C88DFE572758DFB96:[U          ]:LCT-45473055:
>
> And the machine can be logged on to the domain
>
> But I want this to be done automatically (It used to work with FC5)
> One of the strange things is that the auto generated account is in
> capitals
>
> I hope someone can tell what I did wrong (or what has to be added) because
> generating all the machine accounts by hand isn't my hobby
>
> Thanks in advance
>
> {
> Fedora Core 6
> samba 3.0.23c-2
> }
>
> Christian Prins
> Oldelft B.V.
> Tel. +31 (0)15 2698955
> Fax +31 (0)15 2698954
> Web: www.oldelft.com
>
>
>
>
>
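
An added example, not part of the original posts: a small Python audit of the three smbpasswd entries quoted in the thread, assuming the field layout documented in smbpasswd(5) (name, uid, LM hash, NT hash, account flags, LCT last-change time in hex). The function names and the wording of the findings are hypothetical.

```python
import re

NOHASH = "X" * 32  # placeholder smbpasswd writes when no hash is stored
# The three entries quoted in the thread, re-joined onto single lines.
SAMPLE = [
    f"WIN2KMACHINE_1$:548:{NOHASH}:{NOHASH}:[W          ]:LCT-00000000:",
    "win2kmachine_1$:548:6A9911670184E884AAD3B435B51404EE:"
    "AF0782CC683F8A5C88DFE572758DFB96:[U          ]:LCT-45473055:",
    f"win2kmachine_1$:548:{NOHASH}:"
    "AF0782CC683F8A5C88DFE572758DFB96:[U          ]:LCT-45473055:",
]

ENTRY = re.compile(
    r"^([^:]+):(\d+):([^:]{32}):([^:]{32}):\[([^\]]*)\]:LCT-([0-9A-Fa-f]{8}):"
)

def parse(line):
    """Split one smbpasswd line into its fields; reject anything malformed."""
    m = ENTRY.match(line.strip())
    if not m:
        raise ValueError(f"not an smbpasswd entry: {line!r}")
    name, uid, lm, nt, flags, lct = m.groups()
    return {"name": name, "uid": int(uid), "lm": lm, "nt": nt,
            "flags": set(flags.replace(" ", "")), "lct": int(lct, 16)}

def has_hash(field):
    """True when the field holds 32 hex digits rather than the X placeholder."""
    return re.fullmatch(r"[0-9A-Fa-f]{32}", field) is not None

def audit(entry):
    """Return a list of findings for one parsed entry."""
    findings = []
    if entry["name"].endswith("$") and "W" not in entry["flags"]:
        findings.append("machine name without W (workstation trust) flag")
    if has_hash(entry["lm"]):
        findings.append("LM hash stored")
    if not has_hash(entry["nt"]):
        findings.append("no NT hash stored")
    if entry["lct"] == 0:
        findings.append("last-change time is zero")
    return findings

if __name__ == "__main__":
    for line in SAMPLE:
        e = parse(line)
        print(e["name"], sorted(e["flags"]), audit(e) or "no findings")
```
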


