Gianluca Cecchi
2006-Aug-10  15:27 UTC
[Samba] Default "Domain Computers" group mapping with samba 3
Hello all,

I'm using Samba 3 as a PDC on CentOS 3.7 (the package is samba-3.0.9-1.3E.7, based on 3.0.9 + RH patches).

I would like to receive some clarification about the predefined "Domain Computers" group in Samba 3, as I didn't find complete information about this in various documents. It is stated as a well known but not essential entity inside the Samba documentation.

Is it correct to say that in Samba, when I create a machine account, I have to create a corresponding user in Linux with the final $ in the name, and so when this machine joins the domain, it is automatically seen as inside the "Domain Computers" group, or not? It doesn't seem so, as the group mapping is not in place by default.

I found links regarding remote management for joining domains, using the "add machine script" entry in smb.conf. Typical examples are with the useradd or adduser utilities. I found that a suitable one could be, for example:

    add machine script = /usr/sbin/adduser -n -M -g machines -c Machine -d /dev/null -s /bin/false %u

And this implies that I have pre-created a Linux group named "machines", but this group seems not to have any kind of importance, or not? So is it formally correct to map the Linux "machines" group to the "Domain Computers" group?

If I write

    net groupmap modify ntgroup="Domain Computers" unixgroup=machines type=d

I get the error

    NT Group Domain Computers doesn't exist in mapping DB

while if I write

    net groupmap add ntgroup="Domain Computers" unixgroup=machines rid=515 type=d

I get

    Successully added group Domain Computers to the mapping db

and then

    net groupmap list

gives:

    System Operators (S-1-5-32-549) -> -1
    Replicators (S-1-5-32-552) -> -1
    Guests (S-1-5-32-546) -> -1
    Domain Users (S-1-5-21-213297883-3554893867-145480655-513) -> users
    Domain Guests (S-1-5-21-213297883-3554893867-145480655-514) -> nobody
    Power Users (S-1-5-32-547) -> -1
    Print Operators (S-1-5-32-550) -> -1
    Administrators (S-1-5-32-544) -> -1
    Domain Computers (S-1-5-21-213297883-3554893867-145480655-515) -> machines
    Account Operators (S-1-5-32-548) -> -1
    Backup Operators (S-1-5-32-551) -> -1
    Users (S-1-5-32-545) -> -1
    Domain Admins (S-1-5-21-213297883-3554893867-145480655-512) -> ntadmin

Thanks in advance for your comments and help.

Gianluca
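
An added example, not part of the original post: a small audit of `net groupmap list` output that reports whether the well-known domain RIDs 512 to 515 (including "Domain Computers", RID 515) have a Unix group mapping. The helper name check_domain_rids is hypothetical, the "after" sample reuses lines from the listing above, and the "before" sample is constructed by dropping the RID 515 line.

```shell
#!/bin/sh
# Added example: audit `net groupmap list` output for the well-known
# domain group RIDs 512-515 (Domain Admins/Users/Guests/Computers).

# Lines taken from the listing in the post (after the `add` command).
sample_after='Domain Users (S-1-5-21-213297883-3554893867-145480655-513) -> users
Domain Guests (S-1-5-21-213297883-3554893867-145480655-514) -> nobody
Administrators (S-1-5-32-544) -> -1
Domain Computers (S-1-5-21-213297883-3554893867-145480655-515) -> machines
Domain Admins (S-1-5-21-213297883-3554893867-145480655-512) -> ntadmin'

# Constructed "before" state: the same listing without the RID 515 line.
sample_before=$(printf '%s\n' "$sample_after" | grep -v 'Domain Computers')

# check_domain_rids (hypothetical helper): reads a groupmap listing on stdin,
# prints one status line per RID, returns non-zero if any is missing/unmapped.
check_domain_rids() {
    awk '
    {
        # Line format: NT Group Name (SID) -> unixgroup
        if (split($0, part, " -> ") != 2) next
        if (!match(part[1], /\(S-[0-9-]+\)$/)) next
        sid = substr(part[1], RSTART + 1, RLENGTH - 2)
        if (sid !~ /^S-1-5-21-/) next        # skip builtin S-1-5-32-* aliases
        rid = sid; sub(/.*-/, "", rid)        # last SID component is the RID
        name[rid] = substr(part[1], 1, RSTART - 2)
        unix[rid] = part[2]
    }
    END {
        bad = 0
        for (rid = 512; rid <= 515; rid++) {
            if (!(rid in unix))         { print rid " MISSING"; bad = 1 }
            else if (unix[rid] == "-1") { print rid " UNMAPPED " name[rid]; bad = 1 }
            else print rid " OK " name[rid] " -> " unix[rid]
        }
        exit bad
    }'
}

# Stand-alone demo on the two embedded samples.
echo "before:"; printf '%s\n' "$sample_before" | check_domain_rids || true
echo "after:";  printf '%s\n' "$sample_after"  | check_domain_rids
```

On a live PDC the same function can read the real listing with `net groupmap list | check_domain_rids`.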
