Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Samba HowTo Guide
Prev Home Next

Manual Creation of Machine Trust Accounts

The first step in manually creating a Machine Trust Account is to manually create the corresponding UNIX account in /etc/passwd. This can be done using vipw or another “adduser” command that is normally used to create new UNIX accounts. The following is an example for a Linux-based Samba server:

root# 

/usr/sbin/useradd -g machines -d /var/lib/nobody \
   -c 
"machine nickname"
 \
   -s /bin/false 
machine_name
$ 


root# 

passwd -l 
machine_name
$

In the example above there is an existing system group “machines” which is used as the primary group for all machine accounts. In the following examples the “machines” group numeric GID is 100.

On *BSD systems, this can be done using the chpass utility:

root# 

chpass -a \
'
machine_name
$:*:101:100::0:0:Windows 
machine_name
:/dev/null:/sbin/nologin'

The /etc/passwd entry will list the machine name with a “$” appended, and will not have a password, will have a null shell and no home directory. For example, a machine named “doppy” would have an /etc/passwd entry like this:

doppy$:x:505:100:
machine_nickname
:/dev/null:/bin/false

in which machine_nickname can be any descriptive name for the client, such as BasementComputer. machine_name absolutely must be the NetBIOS name of the client to be joined to the domain. The “$” must be appended to the NetBIOS name of the client or Samba will not recognize this as a Machine Trust Account.

Now that the corresponding UNIX account has been created, the next step is to create the Samba account for the client containing the well-known initial Machine Trust Account password. This can be done using the smbpasswd command as shown here:

root# 

smbpasswd -a -m 
machine_name



where machine_name is the machine's NetBIOS name. The RID of the new machine account is generated from the UID of the corresponding UNIX account.

Samba HowTo Guide
Prev Home Next

 
 
  Published under the terms fo the GNU General Public License Design by Interspire