[Samba] Enter or quit a samba's domain in pdc
Edmundo Valle Neto
edmundo.valle at terra.com.br
Fri Apr 20 17:32:31 GMT 2007
>> What key in your Windows? There isnt any need to change any key to make
>> a Windows client join a domain since the first version of samba 3 (I am
>> talking about several years). You can search the samba list history and
>> see that beeing asked several times.
> I don’t have see that... sorry
>> What the log says? If you are saying that the account really exists,
>> does samba accepts at least the root user list the server shares
>> locally? "smbclient -L localhost -U root". What "pdbedit -Lv root"
>> shows? "Samba by Example" has several examples step by step to configure
>> a server.
> Yes of course. The account exists, "smbclient..." work and I enter the share in this method. But when I edit the pdbedit -Lv root, I had the line :
> Nothing in the station. It's normaly?
Yes, its normal. Its the workstations you can log on, if empty, no
>> Well, Im not a bash script guru, but I really dont know what %m$ means.
>> Principally inside a script to which wasnt passed any parameter
>> (parameters are referenced by %1, %2, etc). About your script, have you
>> really readed the samba docs, the part that shows how to join clients
>> automatically, and what should be in that line?
>> Its in the docs, it shows all available ways.
> %m, in samba, it's the netbios name of the machine. The docs say :
> creating Machine Trust Accounts is
> simply to allow the Samba server to create them as needed when the client
> is joined to the domain.
> add machine script = /usr/sbin/useradd −d /var/lib /nobody −g 100 −s /bin/false −M %u
> It's for a RedHat configuration and mine is a Debian Etch.
> I search the good script to enter automaticly the machines on samba, it's simple.
The point is, %anything is not recognised inside a script.
But, yes, adduser is a little different in Debian, it doesnt have "-M"
option, for example.
If you look at "Samba by Example" you will find something like that:
add machine script = /usr/sbin/useradd -s /bin/false/ -d /dev/null '%u'
Doesnt REALLY matters what you put in some options, using the above line
and Debian defaults (in /etc/adduser.conf) you will create an account
with no shell, no home and belonging to the group 100 (users), the first
system group in Debian.
This is the only work that must be done by the add machine script here,
the samba account will be created when the client is joined (with the
root account or any other account that have privileges to do that).
>> Search about "privileges" and the option "enable privileges = yes" in
>> the docs. This option make the users operations be executed as root on
>> the share only.
> I'm not here yet but i will see for that. Thank
This is used to configure accounts other that root to join clients, for
>> Well, seams pretty obvious that you must be a local administrator of the
>> machine to change any network setting. Or you can search how to change
>> the Windows policies to allow other users to do what you want.
> I don't want configure all the windows in my share to enter the root as local administrator. Like the option group "Local administrator" on a Windows Serveur, I want my personnal account be a share AND local administrator on all the machine.
I dont understood what do you mean by "your share", but... If you dont
want to enter with a local administrator account to manage network
settings and domain join/unjoin, you can put the users inside the group
"Domain Administrators" that this group will be added to the local
administrators group of the machine when joined, well, it depends of how
did you created your default groups and SIDs. Or create a group in samba
put some users inside it an make this group belong to the local
administrator group in every machine, then the domain accounts will have
local administrative right in those workstations. Simple.
Edmundo Valle Neto
More information about the samba