Menu
▾
▴
Re: [webmin-l] Users and Groups module - Problem with Samba "Machine Trust Accounts"
|
From: Craig W. <cra...@az...> - 2005-12-07 00:57:54
|
On Tue, 2005-12-06 at 19:43 -0500, William Arlofski wrote: > BTW, as always, I feel the need to thank you Jamie - and everyone who > has contributed - for Webmin and all associated modules. > > OK, Now that the buttering up is done with... :) > > Just kidding - The compliments are sincere. > > > > Recently, it has come to my attention that, at two of my clients running > Samba on Linux with Webmin as their "admin" interface they can no longer > add XP machines to their domains. > > Well, this is not entirely true... They are able to _ADD_ XP machines to > the domain the way they always have using Webmin's Users and Groups > module - and they are able to successfully _JOIN_ the machine to the > domain just like before. > > BUT, after the machine successfully joins the domain and gets the > "Welcome to the XYZ domain" message, they are not able to log onto the > domain and are told that the domain controller may not be available, or > that the machine may not exist in the domain. > > After doing some research I have found that when they create a machine > trust account as they always have in Webmin's Users and Groups module: > > - Create new user > - Username is the machine name with a $ appended to it: eg xpmachine$ > - Password is irrelavent > - Home dir is not important so we use /home/machines/machinename$ > > ...I see that the user (machine) account is created fine in the > /etc/passwd file and the home directory is created, BUT on inspecting > Samba's smbpasswd file (yeah... I know... moving to LDAP soon) the > account's FLAGS are: > > [U ] ---> A User Account > > when they SHOULD be > > [W ] ---> A Workstation Trust Account > > > As I stated above, even with the User Account flag in the smbpasswd file > instead of a Workstation Trust Account flag, the XP machine successfully > JOINS the domain, but is unable to log in. > > > Further testing shows that if I add a machine trust account by using > these two simple command at a shell prompt everything works fine: > > # useradd -d /home/machines/xpmachine$ -s /bin/false -c "machine trust \ > account via cmdline" -g machines -m xpmachine$ > > # smbpasswd -a -m xpmachine$ > > The machine joins, and users are able to log into the domain. One thing > I noticed about this manually added user (machine trust account) though: > > In the Webmin Users and Groups module, the xpmachine$ account is > ITALLICISED in the listing while all other users (created with webmin) > are normal text. > > Any thoughts, comments, questions? I'd LOVE to get this fixed so that > my clients are able to once again administer their own XP workstations > with Webmin. > ---- man smb.conf ( presumption is samba > 3.0.0 ) add machine Example: add machine script = /usr/sbin/adduser -n -g machines -c \ Machine -d /dev/null -s /bin/false %u Why would you just use a script and add machines on the fly? Why would you use a real home directory for a user that clearly would never need one? (-d /dev/null) Craig |
