[Samba] Setting uidNumber for machine accounts

Rowland penny rpenny at samba.org
Fri Feb 14 17:51:46 UTC 2020


On 14/02/2020 17:42, Kris Lou via samba wrote:
>> I was aware that computer accounts were also users in AD, but I hadn't
>> considered assigning a uidNumber to them. It makes sense that winbind
>> (in idmap="ad" mode) would not "see" the accounts with a uidNumber.
>> Naturally, groups of which the computer accounts are members would
>> need gidNumber assigned as well.
>
> This is interesting.  I also have a similar use case in that my computer
> accounts (as SYSTEM) access a share for deployment purposes (via WPKG).
> However, I use "idmap=rid", so avoid this pitfall.  (And a good thing,
> too.  I don't know if I would've made the connection about a missing
> uidNumber.)
>
> But to maintain consistency with other idmap options (and to reduce the,
> well, "oh, I missed that"), I think it would be helpful to add to your
> utility.
>
> Note to self: read more carefully.
> https://wiki.samba.org/index.php/Idmap_config_ad#Prerequisites
>
The thing that everyone misses, in AD a computer is just a user with an 
extra objectclass ;-)

Rowland





More information about the samba mailing list