Am Tuesday 14 April 2009 23:42:58 schrieb MargoAndTodd:> Hi All,
>
> Just a bit of PDC confusion on my part.
>
> 1) I do not give machine names a password. Am I
> correct?
>
Yes, the machine password is "machine-generated" at the time a machine
is
joined to the domain.
> 2) I am presuming that machine names are used to
> limit what machine user names can have access to
> to the samba server. If Foo has an smb username
> and computer A has a machine name, but computer B
> does not, then Foo can enter only through computer
> A. Am I correct?
>
No. Or "depends" upon setup. A machine account is established when
joining the
machine to the domain. It involves a trust relationship, which means only
domain member clients do not need local user accounts.
With a local user account matching the domain account details, Foo may enter
through B as well (the "user trust" still established).
But then, Bar who has a domain account and can logon on A and C, may still not
do so on B unless he posesses permissions to create a local user account.
Once Foo or Bar change password on a domain member computer, it is changed on
all other domain members as well - but not on Computer "B" ...
> 3) If I am correct on #2 above, the machines that
> do not have a samba user can get around this by
> entering as a workgroup. Am I correct?
>
Not even necessary, but helpful for browsing.
> 4) When joining a domain, the user name and password
> requested is the root's or whatever alias that smbusers
> points to and not the machine's name. Am I correct?
>
Mostly. Not smbusers, but groupmap will define members of the domain admins
group (which then are able to join machines to the domain).