[Samba] Default "Domain Computers" group mapping with samba 3
gianluca.cecchi at gmail.com
Thu Aug 10 15:25:00 GMT 2006
I'm using samba 3 as a pdc on CentOS 3.7 (package is
samba-3.0.9-1.3E.7 based on 3.0.9 + rh patches)
I would like to recevive some clarification about predefined "Domain
Computers" group in Samba 3, as I didn't find complete information
about this in various documents.
It is stated as a well known but not essential entity inside samba
Is it correct to say that in samba when I create a machine account I
have to create a corresponding user in Linux with the final $ into the
name, and so when this machine joins the domain, is automatically seen
as inside the "Domain Computers" group, or not?
It doesn't seem so, as the group mapping is not by default in place.
I found links regarding remote management for joining domains, using
the "add machine script " entry in smb.conf.
Typical examples are with useradd or adduser utilities. I found that
one suitable could be for example:
add machine script = /usr/sbin/adduser -n -M -g machines -c Machine
-d /dev/null -s /bin/false %u
And this implies that I have pre-created a Linux group named
"machines", but this group seems to not have any kind of importance,
Is it so formally correct to map the Linux "machines" group to the
"Domain Computers" group?
If I write
net groupmap modify ntgroup="Domain Computers" unixgroup=machines type=d
I get the error
NT Group Domain Computers doesn't exist in mapping DB
while if I write
net groupmap add ntgroup="Domain Computers" unixgroup=machines rid=515 type=d
Successully added group Domain Computers to the mapping db
net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Users (S-1-5-21-213297883-3554893867-145480655-513) -> users
Domain Guests (S-1-5-21-213297883-3554893867-145480655-514) -> nobody
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Computers (S-1-5-21-213297883-3554893867-145480655-515) -> machines
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
Domain Admins (S-1-5-21-213297883-3554893867-145480655-512) -> ntadmin
Thanks in advance for your comments and help.
More information about the samba