How do I allow domain controllers to create machine trust accounts on-the-fly under RHEL CentOS Linux version 5.x?
You can configure samba such way to create machine trust accounts on-the-fly. You need need to add or modify an add machine script entry to the [global] section of /etc/samba/smb.conf to allow samba to dynamically create Machine Trust Accounts. Edit /etc/samba/smb.conf, enter:
# vi /etc/samba/smb.conf
Find Out [global] section and update it as follows:
[global] add machine script = /usr/sbin/useradd -n -g machines -d /dev/null -s /sbin/nologin %u
Save and close the file. Type the following command to create machines group:
# groupadd machines
Restart samba service:
# service smb restart
On a Samba PDC, two accounts must be created. The first is the local machine account, and the second is the Samba account. For security purposes, it is recommended to let Samba create these accounts on-the-fly.