Greg, I don't quite understand this concept of Samba removing a machine account from the domain when that machine leaves the domain. From what I have observer with a small WinNT domain with a WinNT 4.0 Server acting as the PDC, client machines can "leave the domain" i.e. change to a workgroup, but the computer account is still listed under the Server Manager, and that same computer can re-join the domain as if nothing had been changed. While I was looking for info on Samba's add user script to get it working, I came across the delete user script, which I figured could be useful tool to clean up the machine accounts on the Samba server when computers leave, but then I figured, how would the server know that the machine had left the domain. AFAIK, there isn't any communication between the client leaving the domain and the server controlling the domain. Another thing to consider is that Samba is using scripts for users to control both user and machine accounts, so I'm not sure what would prompt samba to execute a delete user script.
Also, as a side point, it is not Samba that adds the trailing $, but Windows. This is how they designate hidden shares, and the %u value samba uses is taken directly from the information supplied to it by Windows. The trouble we've been having is that the machine-account-create script was adding a trailing $ to the entry in smbpasswd, giving us machinename$$. Now that some of these issues are worked out "the e-smith way", you should be able to have user greg and machine greg$ without any trouble. Just some food for thought. David M. Brown Frick, Frick & Jett� Architects [EMAIL PROTECTED] -----Original Message----- From: Greg J. Zartman [mailto:[EMAIL PROTECTED]] Sent: Friday, September 28, 2001 5:19 AM To: Dan Brown Cc: e-smith-devinfo Subject: RE: [e-smith-devinfo] My Samba howtos In the near future, Samba will likely have the ability to remove machine accounts when a machine leaves the domain, thus creating a "hole" in the SME user account structure. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
