[Samba] Workstation trust account

Andrew Bartlett abartlet at samba.org
Wed Jan 24 20:38:54 GMT 2007


On Wed, 2007-01-24 at 17:09 +0100, sermodi wrote:
> Andrew Bartlett wrote:
> > On Tue, 2007-01-23 at 17:50 +0000, Cardon Denis wrote:
> >   
> >> Hi sermodi,
> >>     
> >>> I'm having a problem adding a W2K workstation to the domain samba+ldap.
> >>> I can add it by logging in with the local administrator then add to
> >>> domain, but I would like to do it without doing it manually on every
> >>> workstation. I have hundreds of workstations; I tried to add them by
> >>> using smbldap scripts and I get an entry for the workstation but it
> >>> still doesn't work. Is it even possible to only add a trust account on
> >>> the PDC or do I have to do it from the windows client?
> >>>       
> >> adding a workstation through the windows "join a domain" gui does some 
> >> configuration change on the host computer. Modifying is not enough, in 
> >> any case you'll have to do a few things on the windows box. However there 
> >> are a few command line tools available from MS for joining a domain, so you 
> >> can write a small script to add the boxes.
> >>     
> >
> > There is an RPC to do this (wkssvc_NetrJoinDomain2), but we never spent
> > enough time to figure out the crypto.  The 524 byte password buffer
> > looks like one of the existing uses of this kind of buffer (like SAMR),
> > but that didn't apparently work.
> >
> > Andrew Bartlett
> >
> >   
> Thanks for the reply.
> About the client modification, on an existing (by existing I mean a 
> workstation that has been trusted previously on another PDC, a NT4) the 
> client has already a password configured to the domain, the domain name 
> is the same and a net vampire has been done on the NT4. So what is the 
> difference between the challenge made to NT4 and the one made to the 
> new samba PDC?

The whole purpose of the vampire process is that you should not have to
rejoin machines.  If you are forced to rejoin a machine when vampiring
NT4, then it's a bug.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com