[Samba] Enter or quit a samba's domain in pdc

Edmundo Valle Neto edmundo.valle at terra.com.br
Mon Apr 23 14:59:32 GMT 2007 

BACQUEZ escreveu:
> >From : Edmundo Valle Neto
>   
>> The point is, %anything is not recognised inside a script.
>> But, yes, adduser is a little different in Debian, it doesnt have "-M" 
>> option, for example.
>> If you look at "Samba by Example" you will find something like that:
>>
>> add machine script = /usr/sbin/useradd -s /bin/false/ -d /dev/null '%u'
>>     
>
>
> "add machine script = /usr/sbin/useradd -s /bin/false/ -d /dev/null '%m'"
> Work. But one thing : you must put this line in the first line of [global],
> or the script will be done after the domain's enter try.
> Thank you.
>   

The order of the lines inside a section doesnt make difference.

And read that about %m: 
http://lists.samba.org/archive/samba/2005-November/114366.html
Again, the history of the list is very usefull, and you should expect 
correct information when you see something posted by any developer :)

>   
>> This is the only work that must be done by the add machine script here, 
>> the samba account will be created when the client is joined (with the 
>> root account or any other account that have privileges to do that).
>>     
>
>
>   
>> This is used to configure accounts other that root to join clients, for 
>> example.
>>     
>
> I will try this line today.
>
>
>
>   
>> I dont understood what do you mean by "your share", but... 
>>     
>
> Share = domain.. sorry i twas a mistake.
>
>
>   
>> If you dont 
>> want to enter with a local administrator account to manage network 
>> settings and domain join/unjoin, you can put the users inside the group 
>> "Domain Administrators" that this group will be added to the local 
>> administrators group of the machine when joined, well, it depends of how 
>> did you created your default groups and SIDs. Or create a group in samba 
>> put some users inside it an make this group belong to the local 
>> administrator group in every machine, then the domain accounts will have 
>> local administrative right in those workstations. Simple.
>>     
>
> If i understand what you say, I have to create a group who I put the users.
> But how can i attribute the local administrator for this group?
>   

When you join a workstation in a domain you will must have a local 
administrator account on that machine as the machine doesnt know of 
domain accounts. About the group, you will not attribute anything, a 
group (normally called Domain Administrators) with the right SID (that 
is one of the "well known domain groups") is inserted automatically in 
the "Administrators" group locally on the machine when joined into the 
domain, or you can make it by hand with any group you want (putting that 
group inside the "Administrators" group of the machine).


Edmundo Valle Neto

More information about the samba mailing list