[Samba] where is the machine name used?

Walter Mautner retlaw.rentuam at gmail.com
Wed Apr 15 05:43:43 GMT 2009

Am Tuesday 14 April 2009 23:42:58 schrieb MargoAndTodd:
> Hi All,
> Just a bit of PDC confusion on my part.
> 1) I do not give machine names a password.  Am I
> correct?
Yes, the machine password is "machine-generated" at the time a machine is 
joined to the domain.

> 2) I am presuming that machine names are used to
> limit what machine user names can have access to
> to the samba server.  If Foo has an smb username
> and computer A has a machine name, but computer B
> does not, then Foo can enter only through computer
> A.  Am I correct?
No. Or "depends" upon setup. A machine account is established when joining the 
machine to the domain. It involves a trust relationship, which means only 
domain member clients do not need local user accounts.
With a local user account matching the domain account details, Foo may enter 
through B as well (the "user trust" still established).
But then, Bar who has a domain account and can logon on A and C, may still not 
do so on B unless he posesses permissions to create a local user account.
Once Foo or Bar change password on a domain member computer, it is changed on 
all other domain members as well - but not on Computer "B" ...

> 3) If I am correct on #2 above, the machines that
> do not have a samba user can get around this by
> entering as a workgroup.  Am I correct?
Not even necessary, but helpful for browsing.

> 4) When joining a domain, the user name and password
> requested is the root's or whatever alias that smbusers
> points to and not the machine's name.  Am I correct?
Mostly. Not smbusers, but groupmap will define members of the domain admins 
group (which then are able to join machines to the domain).

More information about the samba mailing list