[Samba] NT domain computer account

Rafal Pietrak rafal at zorro.isa-geek.com
Tue May 17 16:01:17 GMT 2005

Hi list,

Curiosity killed the cat, but... 

I've been reading samba sources and I can't quite figure out what
'features' of UNIX account is required for 'workstation account' (as in
NT domain).

The furthest I coud get to pin-point the requirements, is the pdbedit
source (source/utils/pdbedit.c), where we have two functions:
1) new_used(*context, *name, *full_name, *home, *drive, *script, ...);
2) new_machine(*context, *name);

Both will create relevant LN/NT passwords as they complete their tasks.

Apart from that, 'user' *must* access server-host filesystem, so it
definitely needs UID/GID recognized by host kernel. 'machine' doen't
need that, true?

Apparently, the 'ultimate DB editor' (the pdbedit) - suitable for any
database backend is capable of creation of a correct machine account
based on machine *name* alone. Presumably, no other attributes matter.
And since it's not the 'machine', but rather 'logged-in user' that
touches files on samba server system - one does not need a 'machine'
uid/gid there, does it?

Or may be the 'machine entity' does in fact touch server filesystem?

Could some kind soul point me to a relevant fragments of samba source
tree or some www FAQ, where I could find those details.

My question actually is: what is the complete list of attributes, that a
machine account needs on server host to serve it's purpose. Currently
I've identified only:
	1. name (machine name, string, ends with a dolar sign)
	2. LM/NT passwords hashes.
For a 'machine account' I cannot see any purpose for arrtibutes like:
	a) fullname
	b) home_dir
	c) home_drive
	d) script
	e) uid (host user ID)
(still, those attributes show up after "pdbedit -a -m -u NEW-PC").

Thenx in advance


More information about the samba mailing list