I am a little confused about this option in Samba as a PDC.
I have been reading the man pages for both smb.conf and useradd, and I have a few questions about it.
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false '%u'
The defaults for useradd in openSUSE are:
This means that the add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false '%u' command will create the entry with the Machine comment in the password file and will add the new user to the 100 (users) group, which is the default, and the '%u' will be used to create the machine with the user name. If only root has access rights to join machines to the domain, will all the machines be created with that name? Where will the machine name take the $ character? I am thinking about adding "-g machines" to the command and creating a machines group, so that all the PCs are added to that group instead of the users group, which is the default.
I also read the following in the smb.conf man page:
add machine script (G)
This is the full pathname to a script that will be run by smbd(8) when a machine is added to Samba's domain and a Unix account matching the machine's name appended with a "$" does not already exist.
This option is very similar to the add user script, and likewise uses the %u substitution for the account name. Do not use the %m substitution.
Default: add machine script =
Example: add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /var/lib/nobody -s /bin/false %u
So the use of %m, which is the openSUSE default, is not recommended.
the NetBIOS name of the client machine (very useful).
This parameter is not available when Samba listens on port 445, as clients no longer send this information. If you use this macro in an include statement on a domain that has a Samba domain controller be sure to set in the [global] section smb ports = 139. This will cause Samba to not listen on port 445 and will permit include functionality to function as it did with Samba 2.x.
Thanks for your help
The following substitutes apply only to some configuration options (only those that are used when a connection has been established):
username of the current service, if any.
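The following is an added example, not part of the original post and not Samba's or openSUSE's own script. It sketches the "-g machines" idea from the question as a wrapper for add machine script that accepts only account names ending in "$" (the form the quoted man page describes) before calling useradd. The wrapper path, the function names and the 15-character name limit are assumptions, and the machines group must already exist.

```shell
#!/bin/sh
# Hypothetical wrapper, e.g. /usr/local/sbin/add-machine.sh (path is an assumption).
# smb.conf:  add machine script = /usr/local/sbin/add-machine.sh '%u'
# Assumes a "machines" group already exists (groupadd machines).

# Succeed only for a machine account name: 1-15 characters of letters,
# digits, '-' or '_' (NetBIOS-style, an assumption) plus one trailing '$'.
is_machine_account() {
    case "$1" in
        *'$') ;;
        *) return 1 ;;                # no trailing '$': not a machine account
    esac
    base=${1%?}                       # name without the trailing '$'
    [ -n "$base" ] && [ "${#base}" -le 15 ] || return 1
    case "$base" in
        *[!A-Za-z0-9_-]*) return 1 ;; # shell metacharacters, spaces, ':' ...
        -*) return 1 ;;               # would be parsed by useradd as an option
    esac
    return 0
}

# $1 = account name from %u, $2 = "run" to execute (default: dry run, print only).
add_machine() {
    name=$1
    mode=${2:-dry}
    is_machine_account "$name" || { echo "rejected: $name" >&2; return 1; }
    # -g machines keeps machine accounts out of the default users group;
    # -s /bin/false gives the account no login shell.
    set -- /usr/sbin/useradd -c Machine -g machines \
        -d /var/lib/nobody -s /bin/false "$name"
    if [ "$mode" = run ]; then "$@"; else echo "$*"; fi
}

# When called by smbd with the account name as argument, create the account.
[ "$#" -eq 0 ] || add_machine "$1" run
```

Calling add_machine with only a name prints the useradd command it would run, which allows checking the group and shell settings before the wrapper is referenced from smb.conf.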