[Samba] Setting uidNumber for machine accounts
rpenny at samba.org
Fri Feb 14 17:51:46 UTC 2020
On 14/02/2020 17:42, Kris Lou via samba wrote:
>> I was aware that computer accounts were also users in AD, but I hadn't
>> considered assigning a uidNumber to them. It makes sense that winbind
>> (in idmap="ad" mode) would not "see" the accounts with a uidNumber.
>> Naturally, groups of which the computer accounts are members would
>> need gidNumber assigned as well.
> This is interesting. I also have a similar use case in that my computer
> accounts (as SYSTEM) access a share for deployment purposes (via WPKG).
> However, I use "idmap=rid", so avoid this pitfall. (And a good thing,
> too. I don't know if I would've made the connection about a missing
> But to maintain consistency with other idmap options (and to reduce the,
> well, "oh, I missed that"), I think it would be helpful to add to your
> Note to self: read more carefully.
The thing that everyone misses, in AD a computer is just a user with an
extra objectclass ;-)
More information about the samba