Menu
▾
▴
[webmin-l] Users and Groups module - Problem with Samba "Machine Trust Accounts"
|
From: William A. <waa...@re...> - 2005-12-07 00:43:22
|
BTW, as always, I feel the need to thank you Jamie - and everyone who has contributed - for Webmin and all associated modules. OK, Now that the buttering up is done with... :) Just kidding - The compliments are sincere. Recently, it has come to my attention that, at two of my clients running Samba on Linux with Webmin as their "admin" interface they can no longer add XP machines to their domains. Well, this is not entirely true... They are able to _ADD_ XP machines to the domain the way they always have using Webmin's Users and Groups module - and they are able to successfully _JOIN_ the machine to the domain just like before. BUT, after the machine successfully joins the domain and gets the "Welcome to the XYZ domain" message, they are not able to log onto the domain and are told that the domain controller may not be available, or that the machine may not exist in the domain. After doing some research I have found that when they create a machine trust account as they always have in Webmin's Users and Groups module: - Create new user - Username is the machine name with a $ appended to it: eg xpmachine$ - Password is irrelavent - Home dir is not important so we use /home/machines/machinename$ ...I see that the user (machine) account is created fine in the /etc/passwd file and the home directory is created, BUT on inspecting Samba's smbpasswd file (yeah... I know... moving to LDAP soon) the account's FLAGS are: [U ] ---> A User Account when they SHOULD be [W ] ---> A Workstation Trust Account As I stated above, even with the User Account flag in the smbpasswd file instead of a Workstation Trust Account flag, the XP machine successfully JOINS the domain, but is unable to log in. Further testing shows that if I add a machine trust account by using these two simple command at a shell prompt everything works fine: # useradd -d /home/machines/xpmachine$ -s /bin/false -c "machine trust \ account via cmdline" -g machines -m xpmachine$ # smbpasswd -a -m xpmachine$ The machine joins, and users are able to log into the domain. One thing I noticed about this manually added user (machine trust account) though: In the Webmin Users and Groups module, the xpmachine$ account is ITALLICISED in the listing while all other users (created with webmin) are normal text. Any thoughts, comments, questions? I'd LOVE to get this fixed so that my clients are able to once again administer their own XP workstations with Webmin. I am willing to provide any additional information neccessary... Thanks! - Bill Arlofski Reverse Polarity 860-824-2433 email: waa...@re... jabber: wa...@ja... |
