[Samba] LDAP: add machine script required?

Nick Urbanik nicku at vtc.edu.hk
Thu Aug 21 23:59:13 GMT 2003

Dear Folks,

Thanks again Jerry.

"Gerald (Jerry) Carter" wrote:

> On Thu, 21 Aug 2003, Nick Urbanik wrote:
> > If I use sambaSamAccount with samba 3.0.0 RC1, do I need to define an
> > add machine script?  I want to be able to add machines to the domain
> > as simply as possible (i.e., "automatically").  So is an add machine
> > script needed, or does samba contain code to create the accounts
> > itself?
> Yes.  3.0 no longer defaults to using the 'add user script' to create
> machine accounts.  See the WHATSNEW.txt

Thanks, yes, I read that many times in the past, and before mailing to
this list have tried to understand when ldapsam_add_sam_account() in
samba-3.0.0rc1/source/passdb/pdb_ldap.c gets called and what it will do if
a machine account does not exist, or whether an add machine script is

So what _should_ the add machine script do with an ldapsam backend based
on sambaSamAccount?

   * Create the entire entry complete with sambaSamAccount, account
     objectClasses?  Or
   * Create the entire entry complete with sambaSamAccount, account and
     posixAccount objectClasses?  Or
   * just create a posixAccount for the machine?  Or
   * just create an account placeholder entry to be filled in by
     ldapsam_add_sam_account() in samba-3.0.0rc1/source/passdb/pdb_ldap.c?

As I mentioned earlier, the man page is not so clear (to me):

  add machine script (G)
      This is the full pathname to  a  script  that  will  be  run  by
      smbd(8)  when a machine is added to it's domain using the admin-
      istrator username and password method.

====> This option is only required when using sam  back-ends  tied  to
====> the  Unix  uid method of RID calculation such as smbpasswd. This
      option is only available in Samba 3.0.

My question is simply what should the add machine script do (now that you
have clarified that I need one)?

