Is it possible to use Computer Object from AD in permissions?

friendlyguy

Dabbler
Joined
Nov 10, 2022
Messages
31
Hi there!
I am trying to set up an SMB share for my failover cluster quorum (file share witness).
In order to allow access for my nodes, I need to add the computer objects of my cluster nodes to the share and allow full permissions to them.
I couldn't find a way to add computer objects, only users from AD.
Is this possible? There is a way to do this without computer objects, not a biggie if not.

Kind regards
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399
I think we're limited here by winbind, which only searches the user objects. I suppose it might work if you use the direct SID of the computer object in the ACL, but I don't hold out high hopes. @anodos, would you happen to know?
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
> I think we're limited here by winbind, which only searches the user objects. I suppose it might work if you use the direct SID of the computer object in the ACL, but I don't hold out high hopes. @anodos, would you happen to know?

Computer objects have special names ending in $. If you are using the `rid` backend for idmapping, then you can assign permissions to them individually or to the domain computers group in general.
```
root@TN3[~]# getent passwd 'BILLY\TN13TEST$'
BILLY\tn13test$:*:100001653:100000514::/mnt/dozer/TESTDS1/tn13test_:/bin/sh
```
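
A pre-flight check based on the reply above, added here as an example and not part of the original thread: before putting cluster nodes into the share ACL, confirm that each node's computer account (the host name with a trailing `$`) resolves through `getent passwd`. The function names and the `LOOKUP` override are hypothetical helpers; upper-casing the host name only follows the form used in the post.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names and LOOKUP are assumptions.

# machine_account DOMAIN HOST -> DOMAIN\HOST$
# Accepts a short name, an FQDN, or a name that already ends in "$".
machine_account() {
    host=${2%%.*}      # drop a DNS suffix if an FQDN was passed
    host=${host%\$}    # tolerate a trailing $ that is already there
    host=$(printf '%s' "$host" | tr '[:lower:]' '[:upper:]')
    printf '%s\\%s$\n' "$1" "$host"
}

# check_nodes DOMAIN HOST...
# Prints one line per node; the return status is the number of
# computer accounts that did not resolve (0 means all resolved).
check_nodes() {
    domain=$1
    shift
    missing=0
    for node in "$@"; do
        acct=$(machine_account "$domain" "$node")
        # LOOKUP defaults to the command shown in the post; it can be
        # overridden for testing on a machine without winbind.
        if entry=$(${LOOKUP:-getent passwd} "$acct"); then
            uid=$(printf '%s\n' "$entry" | cut -d: -f3)
            printf 'OK      %s uid=%s\n' "$acct" "$uid"
        else
            printf 'MISSING %s\n' "$acct"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Usage on the NAS (node names here are constructed placeholders):
#   check_nodes BILLY node1 node2
```

Grant the permission only to accounts reported as `OK`; a `MISSING` line means the name does not resolve on this system, so it cannot be used in an ACL entry yet.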
 