[Samba] On Machine Accounts

Yannick Gingras ygingras at ygingras.net
Fri Oct 6 16:32:29 GMT 2006

I have a few (~20) workstations dual booted with GNU/Linux and Windows
XP.  When configuration changes on these systems (about once a month)
I deploy a full disk image with UDPcast [1].  Unlike recent versions
of Norton Ghost, UDPcast have no post-deploy option to change the
machine name and/or trust account.  Most of the time those systems are
running on GNU/Linux and only occasionally will two of those be
running Windows at the same time.

[1]: http://www.udpcast.linux.lu/

The file server is a Debian GNU/Linux system running LDAP, NFS and
Samba.  Since I deploy new images often I would like to avoid any
manual setup on each system.  On GNU/Linux I can auto-detect the
hostname early in the boot process and set it transparently.  I
haven't found a way to do that on Windows though.  Authentication with
Samba running as a PDC is working fine and pam is set to keep the
GNU/Linux and Samba passwords in sync.

The only part that annoys me with this setup is the machine accounts.
Is the machine account.  Is it possible to configure Samba to
completely ignore the machine account?  Would there be major problems
in doing this?  So far I don't see any advantage in using a machine
account.  All the user accounts are password protected and the Samba
server only allows connection from a narrow IP range.


Yannick Gingras

More information about the samba mailing list