[Samba] Setting uidNumber for machine accounts
Marco Gaiarin
gaio at sv.lnf.it
Fri Feb 14 08:25:38 UTC 2020
Mandi! Jonathon Reinhart via samba
In chel di` si favelave...
> I understand the OP in this post [2] had the following use case: A
> startup script uses the computer account to access a samba server.
More specifically: if you need that ''services'' (or more generally:
'things that run on SYSTEM account') have access to your share, Windows
client OS automatically do/try an access to the share with the machine
credential.
Eg, client 'translate' SYSTEM account to machine credential access.
> 1. Which groups should or should not be assigned gidNumber? The issue
> [1] indicates that "Domain Computers" should indeed have gidNumber.
I have uidNumber assigned to my PCs, and clearly gidNumber assigned to
'Domain Computers'.
> 2. What other use cases are there for winbind needing to know about
> computer accounts?
> Is it just Samba file servers? If so, are there other cases where the
> computer account is authenticating?
> Or should a DC (with "idmap_ldb:use rfc2307 = yes") also need to see
> computer accounts (e.g. in wbinfo -u)?
AFAIK no; i use also machine account for wireless authentication via
radius, but clearly this have nothing to do with filesystem, and so
nothing to do with uid/gid assignment.
So, also for me, this is needed for just 'Samba file server'.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list