[Samba] disable automatic creation of computer accounts

Angel Bosch Mora abosch at imasmallorca.net
Mon Oct 25 13:00:21 UTC 2021


> Alter your script so that it does what it does now, plus joins the
> machine and run it on the machine to be joined. Or you could script
> around 'net ads join' and only attempt the join if the computer
> already exists in AD.
>

The first part (the new computer script) is already done, and it runs supervised by some sysadmins.

The second part (joining the domain) is done by some low-profile assistants, and for security reasons we need to make sure that no one adds a machine by mistake or intentionally.

In Samba 3 (NT4 PDC style) it was enough to modify the "add machine script" parameter, but I've been testing different settings without success.


And I know it is a common policy in some environments:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/a2f3f357-0da5-4d41-a5cc-6ab710eb41bf/disable-automatic-computer-object-creation?forum=winserverDS

In that article they discuss the "Add workstations to domain" right.
Can I enforce that via smb.conf or any other setting?

abosch

-- Institut Mallorqui d'Afers Socials.