Adding Machine Accounts

Jeremy Allison jallison at whistle.com
Wed May 6 18:20:01 GMT 1998


CURRIE KEVIN wrote:
> 
>         I was wonderring if someone might be able to explain to me why a
> machine account has to be in /etc/passwd as well as smbpasswd?  I
> understand the significance of having a valid uid; however, I really don't
> want 100+ computer accounts in my /etc/passwd file.  I personally would
> like all of these accounts to use the "nobody" account's uid.


I made that decision, after initially starting down the path
you are proposing. I decided to make the machine account
mandatory in /etc/passwd after a long discussion with
Luke on the requirement for NT RIDs synthesized from UNIX
uids to be unique.

>         I'm proposing that an option be added to smbpasswd so that us can
> do something along the lines of:
> 
>         smbpasswd -a -u 65534 -m machine
> 
>         and specify a uid for the machine right on the command line.  This
> would greatly simplify adding/removing machine accounts.  If there is some
> falicy in this logic that I am missing, could someone kindly point it out
> for me?  Thanks.
> 

I originally did this. Although easier in the short term it
will lead to immense pain later when we more fully integrate
into an NT Domain environment. NT machines expect machine
account RIDs to be unique within a domain - and they share
the same namespace as userids and groups. The easiest way
to do this is to ensure that the macgine account id's are 
already represented in the /etc/passwd file.

Hope this helps,

	Jeremy Allison.
	Samba Team.


More information about the samba-ntdom mailing list