Manual Creation of Machine Trust Accounts
The first step in manually creating a Machine Trust Account is to create
the corresponding UNIX account in /etc/passwd.
This can be done using
or another “adduser” command
that is normally used to create new UNIX accounts. The following is an example for
a Linux-based Samba server:
/usr/sbin/useradd -g machines -d /var/lib/nobody \
In the example above there is an existing system group “machines” which is used
as the primary group for all machine accounts. In the following examples the “machines” group
numeric GID is 100.
On *BSD systems, this can be done using the chpass utility:
chpass -a \
The /etc/passwd entry will list the machine name with a “$” appended, will
not have a password, and will have a null shell and no home directory. For
example, a machine named “doppy” would have an /etc/passwd entry like this:
can be any
descriptive name for the client, such as BasementComputer.
absolutely must be the NetBIOS
name of the client to be joined to the domain. The “$” must be
appended to the NetBIOS name of the client or Samba will not recognize
this as a Machine Trust Account.
Now that the corresponding UNIX account has been created, the next step is to create
the Samba account for the client containing the well-known initial
Machine Trust Account password. This can be done using the smbpasswd
command, as shown here:
smbpasswd -a -m
is the machine's NetBIOS
name. The RID of the new machine account is generated from the UID of
the corresponding UNIX account.
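
A check for the /etc/passwd properties described above (name ending in “$”, primary group “machines” with GID 100, null shell, no home directory), given here as an added example that is not part of the Samba documentation. The set of paths treated as a null shell and the reading of “no home directory” as /dev/null or the /var/lib/nobody placeholder are assumptions, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: audit passwd-format entries for Machine Trust Accounts.
# Assumptions (not from the page): a "null shell" is one of the paths in the
# case statement below, and "no home directory" means /dev/null or the
# /var/lib/nobody placeholder used in the useradd example.

# audit_machine_accounts FILE GID
# Prints one "name: finding" line per problem. Prints nothing when every
# account whose name ends in "$" matches the expected properties.
audit_machine_accounts() {
    file=$1
    want_gid=$2
    while IFS=: read -r name pw uid gid gecos home shell; do
        case $name in
            *'$') ;;            # machine accounts carry a trailing "$"
            *) continue ;;      # ordinary user or system account: skip
        esac
        [ "$gid" = "$want_gid" ] ||
            echo "$name: primary GID $gid, expected $want_gid"
        case $shell in
            /bin/false|/sbin/nologin|/usr/sbin/nologin|/dev/null) ;;
            *) echo "$name: login shell '$shell' is not a null shell" ;;
        esac
        case $home in
            /dev/null|/var/lib/nobody) ;;
            *) echo "$name: home directory '$home' is set" ;;
        esac
    done < "$file"
}

# Constructed sample data (hypothetical hosts, not from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
goodbox$:x:1001:100:Lab PC:/dev/null:/bin/false
badbox$:x:1002:1000:Kiosk:/home/badbox:/bin/bash
EOF
audit_machine_accounts "$sample" 100
rm -f "$sample"
```

Run it against a copy of the real file with `audit_machine_accounts /etc/passwd 100`, substituting the numeric GID of the local “machines” group.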