Windows Domain Client on Samba PDC
Using a Linux samba server as an NT-style Domain controller (PDC) requires that you create a machine account in both the /etc/passwd file and the /etc/samba/smbpasswd file. There is a way to have machines automatically create their accounts (with proper setup in /etc/samba/smb.conf file and NOT covered here), or you can create machine accounts as follows:
useradd -g 100 -d /dev/null -c machinename -s /bin/false machinename$
passwd -l machinename$
smbpasswd -a -m machinename
Note: the $ at the end of the useradd and the passwd commands is mandatory and must not appear at the end of the smbpasswd command (smbpasswd -m appends it itself). machinename is the PC's Windows machine name.
Note: you can create a linux shell script to create a machine account. The script should look like:
#!/bin/sh
# addmachine
# add samba machine account to passwd and smbpasswd files
#
# usage: addmachine machinename   (a trailing $ on the name is optional)
if [ -z "$1" ]; then
    echo "usage: $0 machinename" >&2
    exit 1
fi
# remove any $ specified on the command line (we will add it when required!)...
# $(...) is used rather than backquotes: inside backquotes \$ is turned into a
# plain $ before sed sees it, so the original backquoted form stripped nothing
machinename=$(echo "$1" | sed 's/\$//g')
# set the machine group
machinegroup=600
# the Unix account name must carry the trailing $
/usr/sbin/useradd -g "$machinegroup" -d /dev/null -c "$machinename" -s /bin/false "${machinename}\$"
# lock the Unix password so nobody can log in as the machine account
passwd -l "${machinename}\$"
# smbpasswd -m appends the $ itself, so pass the bare name
smbpasswd -a -m "$machinename"
This file needs to be executable:
chmod 711 addmachine
It is then invoked as:
addmachine machinename
(e.g. addmachine mypc1)
When you are done, you will see a line in /etc/passwd for machinename$ and a line in /etc/samba/smbpasswd for machinename$
N.B. If you just run useradd without setting the group number to 100, the home directory to the bit bucket (/dev/null) and the login shell to /bin/false (so that no one can explicitly log into this account and run programs as a regular user), you will have accounts that people could log into without a password being set. This is not a good idea in general, because people could guess the account names from knowing the PC machine names.
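As an added check (not from this page or from Samba), the following script verifies that a machine account has the properties described above: an entry for machinename$ exists, its home directory is /dev/null, its shell is /bin/false, and its Unix password is locked the way passwd -l leaves it. It runs against constructed sample /etc/passwd and /etc/shadow contents embedded in the script; the helper names check_machine_account and passwd_field are assumptions, and a real check would pass the real files' contents as the second and third arguments.

```shell
#!/bin/sh
# Added example: verify a Samba machine account (hypothetical helper, not
# part of the page or of Samba). Sample data below is constructed, not real.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
mypc1$:x:1001:600:mypc1:/dev/null:/bin/false
badpc$:x:1002:100:badpc:/home/badpc$:/bin/bash
alice:x:1000:100:Alice:/home/alice:/bin/bash'
SAMPLE_SHADOW='mypc1$:!$6$constructedsalt$constructedhash:19000:0:99999:7:::
badpc$:$6$constructedsalt$constructedhash:19000:0:99999:7:::
alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::'

# passwd_field NAME DATA N: print field N of the "NAME$" line in DATA (empty if absent)
passwd_field() {
    printf '%s\n' "$2" | grep "^$1\\$:" | cut -d: -f"$3" || true
}

# check_machine_account NAME [PASSWD_DATA] [SHADOW_DATA]
# Returns 0 if NAME$ exists with home /dev/null, shell /bin/false and a locked
# Unix password, 1 otherwise. A trailing $ on NAME is ignored.
check_machine_account() {
    name=$(printf '%s' "$1" | sed 's/\$//g')
    passwd_data="${2:-$SAMPLE_PASSWD}"
    shadow_data="${3:-$SAMPLE_SHADOW}"
    entry=$(passwd_field "$name" "$passwd_data" 1)
    home=$(passwd_field "$name" "$passwd_data" 6)
    shell=$(passwd_field "$name" "$passwd_data" 7)
    hash=$(passwd_field "$name" "$shadow_data" 2)
    [ -n "$entry" ] || { echo "$name\$: no passwd entry" >&2; return 1; }
    [ "$home" = /dev/null ] || { echo "$name\$: home is $home, expected /dev/null" >&2; return 1; }
    [ "$shell" = /bin/false ] || { echo "$name\$: shell is $shell, expected /bin/false" >&2; return 1; }
    # passwd -l prefixes the hash with "!"; "*" is the other common no-login marker
    case "$hash" in
        '!'*|'*'*) ;;
        *) echo "$name\$: Unix password is not locked" >&2; return 1 ;;
    esac
    return 0
}

check_machine_account mypc1 && echo "mypc1: ok"
check_machine_account badpc || echo "badpc: not a safe machine account"
```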