Samba: Allow Domain Controllers Create Machine Trust Accounts On-the-Fly

Posted on in Categories , , , , , last updated August 16, 2009

How do I allow domain controllers to create machine trust accounts on-the-fly under RHEL CentOS Linux version 5.x?

You can configure samba such way to create machine trust accounts on-the-fly. You need need to add or modify an add machine script entry to the [global] section of /etc/samba/smb.conf to allow samba to dynamically create Machine Trust Accounts. Edit /etc/samba/smb.conf, enter:
# vi /etc/samba/smb.conf
Find Out [global] section and update it as follows:

    [global]
      add machine script = /usr/sbin/useradd -n -g machines -d /dev/null -s /sbin/nologin %u

Save and close the file. Type the following command to create machines group:
# groupadd machines
Restart samba service:
# service smb restart
On a Samba PDC, two accounts must be created. The first is the local machine account, and the second is the Samba account. For security purposes, it is recommended to let Samba create these accounts on-the-fly.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

Leave a Comment