FWD:Machine accounts?

Gregory Leblanc gleblanc at cu-portland.edu
Fri Jan 21 06:54:23 GMT 2000 

samba-ntdom at samba.org wrote:
> 
> Subject: Machine accounts?
> Date: Fri, 21 Jan 2000 16:55:01 +1100
> From: Steve Frampton <frampton at j-com.co.jp>
> To: Multiple recipients of list SAMBA-NTDOM <samba-ntdom at samba.org>
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hello:
> 
> I set up a Samba-based secondary domain controller yesterday (by following
> the directions in the excellent document at
> http://www.linuxworld.com/linuxworld/lw-1999-05/lw-05-thereandback.html).  I
> have a couple of questions:
> 
> - - Can a domain name not be the same as the machine name?  I had set up my
> system as "TokyoTest" and my NT domain/workgroup as "TokyoTest" and
> scratched my head for hours, wondering why nothing was working.  I then
> happened to try it with a different workgroup name, and it worked fine.

Generally, I'd say not.  I've never tried, because I want my server to
be SERVER, and my domain to be DOMAIN. (just examples).  A domain can
encompas much more than just a single machine, indeed, that is the
purpose of having a domain.  It allows password database replication
across multiple servers, and gives NT machines a central database to
confirm names and passwords.  

> 
> - - I'm a little confused about machine accounts.  For testing, I used a
> laptop running Win95 whose machine name was set to "User63".  Therefore, I
> set up a User63$ account in /etc/passwd:
> 
> USER63$:x:803:800:NT dummy account:/dev/null:/bin/false
> 
> and then used "smbpasswd -a -m USER63" to create the corresponding entry
> in /etc/smbpasswd.  I was under the impression that one was needed in
> order for authentication to work.  However, after my laptop died this
> afternoon, I grabbed another one, and was able to get authenticated.  So
> - -- can I just forget about the bother of creating about a hundred machine
> accounts then?  :-)

Machine accounts are only needed for NT machines, as per the way that
the "real" NT does things.  Win9x machines don't need accounts in the
domain to function.

> 
> - - I'm preparing to set up a Netatalk service with the same file shares as
> offered by Samba.  Is there something I should be aware of with regard to
> domain controller?  I've done this (Samba/Netatalk combo) before, but I've
> never had to set up a domain controller before.

Sorry, can't help you there, I don't even know that Netatalk is.  Sounds
Mac ish, which just isn't me.
	Greg

More information about the samba-ntdom mailing list