[Samba] Default "Domain Computers" group mapping with samba 3

Gianluca Cecchi gianluca.cecchi at gmail.com
Thu Aug 10 15:25:00 GMT 2006


Hello all,
I'm using samba 3 as a pdc on CentOS 3.7 (package is
samba-3.0.9-1.3E.7 based on 3.0.9 + rh patches).
I would like to receive some clarification about the predefined "Domain
Computers" group in Samba 3, as I didn't find complete information
about this in various documents.
It is stated as a well known but not essential entity inside the samba
documentation.

Is it correct to say that in samba, when I create a machine account, I
have to create a corresponding user in Linux with a trailing $ in the
name, and so when this machine joins the domain, it is automatically seen
as inside the "Domain Computers" group, or not?
It doesn't seem so, as the group mapping is not in place by default.

I found links regarding remote management for joining domains, using
the "add machine script" entry in smb.conf.
Typical examples are with the useradd or adduser utilities. I found that
a suitable one could be, for example:
add machine script = /usr/sbin/adduser -n -M -g machines -c Machine -d /dev/null -s /bin/false %u

And this implies that I have pre-created a Linux group named
"machines", but this group seems to not have any kind of importance,
or not?

Is it so formally correct to map the Linux "machines" group to the
"Domain Computers" group?
If I write
net groupmap modify ntgroup="Domain Computers" unixgroup=machines  type=d
I get the error
NT Group Domain Computers doesn't exist in mapping DB
while if I write
net groupmap add ntgroup="Domain Computers" unixgroup=machines rid=515 type=d
I get
Successully added group Domain Computers to the mapping db
and then
net groupmap list
gives:
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Users (S-1-5-21-213297883-3554893867-145480655-513) -> users
Domain Guests (S-1-5-21-213297883-3554893867-145480655-514) -> nobody
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Computers (S-1-5-21-213297883-3554893867-145480655-515) -> machines
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
Domain Admins (S-1-5-21-213297883-3554893867-145480655-512) -> ntadmin

Thanks in advance for your comments and help.

Gianluca
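
Added example (not part of the original post, and not Samba code): a small Python check that parses output in the format of the net groupmap list listing above and reports, for the four domain RIDs that appear in it (512 to 515), whether each is absent from the mapping DB, shown as -1, or mapped to a Unix group. The sample input with its placeholder domain SID is constructed, and the function names are hypothetical.

```python
import re
import sys

# Constructed sample in the format of the listing above; the domain SID is a placeholder.
SAMPLE = """\
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> users
Domain Guests (S-1-5-21-1111111111-2222222222-3333333333-514) -> nobody
Administrators (S-1-5-32-544) -> -1
Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> ntadmin
"""

# RIDs of the domain groups that appear in the post's listing.
DOMAIN_RIDS = {512: "Domain Admins", 513: "Domain Users",
               514: "Domain Guests", 515: "Domain Computers"}

# One entry per line: NT group name, SID in parentheses, "->", Unix group (or -1).
LINE_RE = re.compile(r"^(?P<name>.+?) \((?P<sid>S-1(?:-\d+)+)\) -> (?P<unix>\S+)$")


def parse_groupmap(text):
    """Parse the listing into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            sid = m.group("sid")
            entries.append({"name": m.group("name"), "sid": sid,
                            "rid": int(sid.rsplit("-", 1)[1]),
                            "domain": sid.startswith("S-1-5-21-"),
                            "unix": m.group("unix")})
    return entries


def audit(text):
    """Map each RID in DOMAIN_RIDS to 'missing', 'unmapped' or its Unix group."""
    found = {e["rid"]: e for e in parse_groupmap(text) if e["domain"]}
    report = {}
    for rid in DOMAIN_RIDS:
        entry = found.get(rid)
        if entry is None:
            report[rid] = "missing"      # no entry in the mapping DB
        elif entry["unix"] == "-1":
            report[rid] = "unmapped"     # listed, but shown as -1
        else:
            report[rid] = entry["unix"]
    return report


if __name__ == "__main__":
    # Usage: python check_groupmap.py saved_listing.txt (no argument: built-in sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for rid, status in audit(text).items():
        print(f"{DOMAIN_RIDS[rid]} (RID {rid}): {status}")
```

On the constructed sample, which has no RID 515 entry, Domain Computers is reported as missing, matching the state in which net groupmap modify failed in the post.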

