[Samba] Access Windows 2003 Machine Accounts for ADS group policy software deployment

kel.way at magotteaux.com kel.way at magotteaux.com
Mon Nov 10 23:44:25 GMT 2003





Hi - I have a global group set up with all of the Windows XP _computer_
accounts as members.  When I do a 'getent group', it resolves all of the
groups with user accounts (shows the member accounts), but the groups with
machine accounts are empty - ie:

MYDOMAIN+My Site Computers:x:10079:  (no members listed even though there
are about 30 machine accounts in this Global group in my AD)

My goal is to set up a software installation repository on my Samba box and
I have GPOs in place to assign software to the machine accounts. Samba logs
show that MYDOMAIN+mymachine$  account cannot be found.  Is it possible to
afford access to Samba shares for machine accounts?

Also, for access lists in smb.conf, I've seen reference to this syntax:
valid users = @'MYDOMAIN+Domain Users'

This doesn't work, so I went with the this:  valid users = @10033    (which
is the group # for MYDOMAIN+Domain Users).  Is this a good way to handle
this or is there a better method?  What is the syntax if I want to use the
group names rather than the group numbers?

Thanks -Kel




More information about the samba mailing list