Samba: Allow Domain Controllers to Create Machine Trust Accounts On-the-Fly

By default, Samba does not allow domain controllers to create machine trust accounts on-the-fly. You can configure Samba to allow it by following these steps:

  1. Edit the Samba configuration file smb.conf:

     sudo nano /etc/samba/smb.conf

  2. Add the following lines to the [global] section of the file:

     allow dns updates = secure
     dns forwarder = <IP address of your DNS server>

The allow dns updates = secure option allows domain controllers to create machine trust accounts on-the-fly using secure DNS updates. The dns forwarder option specifies the IP address of your DNS server, which will be used to forward DNS requests that Samba cannot resolve itself.

  3. Save and close the file.
  4. Restart the Samba service:

     sudo systemctl restart smbd

After completing these steps, domain controllers should be able to create machine trust accounts on-the-fly using secure DNS updates. Be aware that this configuration change may have security implications, and you should ensure that your DNS and Samba configurations are properly secured.
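One way to check the two settings after editing, as an added example that is not part of the original page or of Samba itself: the Python script below parses the [global] section of an smb.conf and reports an update policy that accepts unsigned updates, or a dns forwarder value that is not an IP address (such as the placeholder left unfilled). The function names, the sample file and its addresses are constructed for illustration, and the check assumes the values secure, secure only, disabled and nonsecure for allow dns updates and plain IP addresses for dns forwarder.

```python
import ipaddress

# Constructed sample: an smb.conf as it might look after the steps above.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = EXAMPLE
    Allow DNS Updates = secure
    dns forwarder = 192.0.2.53

[netlogon]
    # outside [global], so the audit must ignore it
    allow dns updates = nonsecure
"""

def global_params(text):
    """Return the [global] parameters of an smb.conf as {name: value}."""
    params, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)     # only the first '=' counts
            # smb.conf ignores case and whitespace inside parameter names
            params["".join(name.split()).lower()] = value.strip()
    return params

def is_ip(token):
    """True if token is a plain IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def audit_dns_settings(text):
    """Return findings for the two options set on this page."""
    params, findings = global_params(text), []
    updates = " ".join(params.get("allowdnsupdates", "").lower().split())
    if not updates:
        findings.append("allow dns updates: not set, the built-in default applies")
    elif updates == "nonsecure":
        findings.append("allow dns updates: unsigned updates are accepted")
    elif updates not in ("secure", "secure only", "disabled"):
        findings.append(f"allow dns updates: unrecognised value '{updates}'")
    forwarders = params.get("dnsforwarder", "").split()
    bad = [t for t in forwarders if not is_ip(t)]
    if not forwarders:
        findings.append("dns forwarder: not set")
    elif bad:
        findings.append("dns forwarder: not an IP address: " + " ".join(bad))
    return findings
```

To audit a real file, pass its contents to audit_dns_settings(); an empty list means neither check fired.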
