[Samba] On Machine Accounts

[Andrew Bartlett]

On Fri, 2006-10-06 at 12:32 -0400, Yannick Gingras wrote:
> I have a few (~20) workstations dual booted with GNU/Linux and Windows
> XP.  When configuration changes on these systems (about once a month)
> I deploy a full disk image with UDPcast [1].  Unlike recent versions
> of Norton Ghost, UDPcast have no post-deploy option to change the
> machine name and/or trust account.  Most of the time those systems are
> running on GNU/Linux and only occasionally will two of those be
> running Windows at the same time.
> 
> [1]: http://www.udpcast.linux.lu/
> 
> The file server is a Debian GNU/Linux system running LDAP, NFS and
> Samba.  Since I deploy new images often I would like to avoid any
> manual setup on each system.  On GNU/Linux I can auto-detect the
> hostname early in the boot process and set it transparently.  I
> haven't found a way to do that on Windows though.  Authentication with
> Samba running as a PDC is working fine and pam is set to keep the
> GNU/Linux and Samba passwords in sync.
> 
> The only part that annoys me with this setup is the machine accounts.
> Is the machine account.  Is it possible to configure Samba to
> completely ignore the machine account?  Would there be major problems
> in doing this?  So far I don't see any advantage in using a machine
> account.  All the user accounts are password protected and the Samba
> server only allows connection from a narrow IP range.

You can't do a domain logon without a machine account.  You could set
them up as just standalone workstation however. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org