[Samba] Setting uidNumber for machine accounts

Marco Gaiarin gaio at sv.lnf.it
Fri Feb 14 08:25:38 UTC 2020

Mandi! Jonathon Reinhart via samba
  In chel di` si favelave...

> I understand the OP in this post [2] had the following use case: A
> startup script uses the computer account to access a samba server.

More specifically: if you need that ''services'' (or more generally:
'things that run on SYSTEM account') have access to your share, Windows
client OS automatically do/try an access to the share with the machine

Eg, client 'translate' SYSTEM account to machine credential access.

> 1. Which groups should or should not be assigned gidNumber? The issue
> [1] indicates that "Domain Computers" should indeed have gidNumber.

I have uidNumber assigned to my PCs, and clearly gidNumber assigned to
'Domain Computers'.

> 2.  What other use cases are there for winbind needing to know about
> computer accounts?
>  Is it just Samba file servers? If so, are there other cases where the
> computer account is authenticating?
>  Or should a DC (with "idmap_ldb:use rfc2307 = yes") also need to see
> computer accounts (e.g. in wbinfo -u)?

AFAIK no; i use also machine account for wireless authentication via
radius, but clearly this have nothing to do with filesystem, and so
nothing to do with uid/gid assignment.

So, also for me, this is needed for just 'Samba file server'.

dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

More information about the samba mailing list