Am Tuesday 14 April 2009 23:42:58 schrieb MargoAndTodd: > Hi All, > > Just a bit of PDC confusion on my part. > > 1) I do not give machine names a password. Am I > correct? > Yes, the machine password is "machine-generated" at the time a machine is joined to the domain.
> 2) I am presuming that machine names are used to > limit what machine user names can have access to > to the samba server. If Foo has an smb username > and computer A has a machine name, but computer B > does not, then Foo can enter only through computer > A. Am I correct? > No. Or "depends" upon setup. A machine account is established when joining the machine to the domain. It involves a trust relationship, which means only domain member clients do not need local user accounts. With a local user account matching the domain account details, Foo may enter through B as well (the "user trust" still established). But then, Bar who has a domain account and can logon on A and C, may still not do so on B unless he posesses permissions to create a local user account. Once Foo or Bar change password on a domain member computer, it is changed on all other domain members as well - but not on Computer "B" ... > 3) If I am correct on #2 above, the machines that > do not have a samba user can get around this by > entering as a workgroup. Am I correct? > Not even necessary, but helpful for browsing. > 4) When joining a domain, the user name and password > requested is the root's or whatever alias that smbusers > points to and not the machine's name. Am I correct? > Mostly. Not smbusers, but groupmap will define members of the domain admins group (which then are able to join machines to the domain). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba