HP CIFS Server 3.0g Administrator's Guide version A.02.03.01: HP-UX 11i v1, v2 and v3 > Chapter 4 NT Style Domains

Create the Machine Trust Accounts


A Machine Trust Account for a Windows Client (Client=member server) on an HP CIFS Server acting as a PDC is simply a user account entry created for a machine. It is denoted by the machine name followed by "$".

For PDCs not using LDAP (default), machine accounts will have entries in both /etc/passwd (UNIX user accounts) and /var/opt/samba/private/smbpasswd (Windows user accounts).

For PDCs using LDAP, machine accounts will have posixAccount and sambaSamAccount object class entries in a directory server database.

The following steps are used to create a machine account for a Windows Client on an HP CIFS Server acting as a Primary Domain Controller (PDC):

  1. Create the UNIX or POSIX account for a Windows Client:

    • Use the following command to create the POSIX account for a Windows client in the /etc/passwd file if LDAP is disabled:

      $ useradd -c NT_workstation -d /home/temp -s /bin/false client1$

      As an example, the resulting entry in the /etc/passwd file for a client machine named "client1" would be:

      client1$:*:801:800:NT_workstation:/home/temp:/bin/false

      where 801 is the uid and 800 is the group id of a group called "machines". A uid or group id can be any unique number. You may find that uid values 0 through 100 are considered special and/or server specific; this may or may not apply to your system.

      The machine account is the machine's name with a dollar sign character ("$") appended to it. The home directory can be set to /home/temp. The shell field in the /etc/passwd file is not used and can be set to /bin/false.

    • Use the following command to create the posixAccount entry for a Windows client in the LDAP directory if LDAP is enabled:

      $ /opt/ldapux/bin/ldapmodify -a -D "cn=Directory Manager" -w dmpasswd -h ldaphostA -f new.ldif

      The LDIF update statements specified in the new.ldif file are added to the LDAP directory server, ldaphostA. The following is an example of LDIF update statements in the new.ldif file:

      dn: uid=client1$,ou=People,dc=hp,dc=com
      objectclass: top
      objectclass: account
      objectclass: posixAccount
      cn: client1$
      uid: client1$
      uidNumber: 1000
      gidNumber: 200
      homeDirectory: /home/temp
      loginShell: /bin/false
      

      As an example, the resulting entry in the LDAP directory server for a client machine named "client1" would be:

      objectClass: posixAccount
      cn: client1$
      uid: client1$
      uidNumber: 1000
      gidNumber: 200
      homeDirectory: /home/temp
      loginShell: /bin/false
      userPassword: {crypt}x
      pwdLastSet: 1076466492
      logonTime: 0
      logofftime: 2147483647
      kickoffTime: 2147483647
      pwdCanChange: 0
      pwdMustChange: 2147483647
      rid: 1206
      primaryGroupID: 1041
      acctFlags: [W          ]
      displayName: client1$

  2. Run the smbpasswd program on the Samba PDC server to create the Windows account:

    • Use the following command to add the Windows account for a Windows client to the /var/opt/samba/private/smbpasswd file if LDAP is disabled:

      $ smbpasswd -a -m client1

      An example of the associated machine entry in the /var/opt/samba/private/smbpasswd file for a client machine named "client1" would be:

      client1$:*801:800:ED816800D0393DAAD3B435B51404EE:321ABEEFE10EC431B9AAFF1A1D0D47:[W ]:LCT-0000000:

    • Use the following command to add the sambaSAMAccount entry for a Windows client to the LDAP directory server if LDAP is enabled:

      For ldapsam_compat backend:

      $ /opt/samba/bin/smbpasswd -a -m client1

      For ldapsam backend:

      $ /opt/samba/bin/smbpasswd -a -m client1

      An example of the associated machine entry in the LDAP directory server for a client machine named "client1" would be:

      objectClass: posixAccount
      objectClass: sambaSamAccount
      cn: client1$
      uid: client1$
      uidNumber: 1000
      gidNumber: 200
      homeDirectory: /home/temp
      loginShell: /bin/false
      gecos: Samba_Server
      description: Samba_Server
      userPassword: {crypt}x
      pwdLastSet: 1076466492
      logonTime: 0
      logofftime: 2147483647
      kickoffTime: 2147483647
      pwdCanChange: 0
      pwdMustChange: 2147483647
      rid: 1206
      primaryGroupID: 1041
      lmPassword: E0AFF63989B8FA6576549A685C6AFAF1
      ntPassword: E0AFF63989B8FA6576549A685C6AFAF1
      acctFlags: [W          ]
      displayName: client1$

    NOTE: You can also use other utilities, including pdbedit and the net commands, to create the machine trust accounts. The net commands provide numerous new utility operations. For more information on how to create machine trust accounts using pdbedit and net commands, see the SWAT help text for pdbedit and the net commands.
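
An added consistency check for the non-LDAP procedure above (not part of the HP guide): it cross-checks machine accounts (names ending in "$") between a passwd-format file and an smbpasswd-format file, taking the "*" password field, the /bin/false shell and the [W] flag from the page's examples as the expected values. The function names, the sample accounts and the six-field smbpasswd(5) layout with X-filled hash placeholders are assumptions of this example.

```shell
# Added example (not from the HP guide); all account data below is constructed.
# audit_machine_accounts PASSWD_FILE SMBPASSWD_FILE
# Prints one finding per line, sorted; prints nothing when the files agree.
audit_machine_accounts() {
    awk -F: '
        # First file, passwd layout: name:pw:uid:gid:gecos:home:shell
        FNR == NR {
            if ($1 ~ /\$$/) {
                posix[$1] = 1
                if ($2 != "*")
                    print $1 ": UNIX password field is not *"
                if ($7 != "/bin/false")
                    print $1 ": login shell is " $7 ", expected /bin/false"
            }
            next
        }
        # Second file, smbpasswd(5) layout: name:uid:LM:NT:[flags]:LCT-...:
        $1 ~ /\$$/ {
            smb[$1] = 1
            if (!($1 in posix))
                print $1 ": in smbpasswd but has no UNIX account"
            if (substr($5, 1, 1) != "[" || index($5, "W") == 0)
                print $1 ": smbpasswd flags " $5 " lack W (workstation trust)"
        }
        END {
            for (name in posix)
                if (!(name in smb))
                    print name ": UNIX account has no smbpasswd entry"
        }
    ' "$1" "$2" | LC_ALL=C sort
}
# demo: audit two constructed files; the X-filled hashes are placeholders.
demo() {
    dir=$(mktemp -d) || return 1
    x=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    cat > "$dir/passwd" <<EOF
client1\$:*:801:800:NT_workstation:/home/temp:/bin/false
client2\$:*:802:800:NT_workstation:/home/temp:/bin/sh
client3\$:*:803:800:NT_workstation:/home/temp:/bin/false
EOF
    cat > "$dir/smbpasswd" <<EOF
client1\$:801:$x:$x:[W          ]:LCT-00000000:
client2\$:802:$x:$x:[U          ]:LCT-00000000:
client4\$:804:$x:$x:[W          ]:LCT-00000000:
EOF
    audit_machine_accounts "$dir/passwd" "$dir/smbpasswd"
    rm -rf "$dir"
}
demo
```

On a PDC that does not use LDAP, the two arguments would be /etc/passwd and /var/opt/samba/private/smbpasswd.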
© 2007 Hewlett-Packard Development Company, L.P.