[Samba] How to add a client to a domain?

quiztli at lavabit.com quiztli at lavabit.com
Wed Jun 19 00:02:02 MDT 2013


I checked smb.conf file and didn't find any entry enabling 'window
privileges', "enable privileges = yes". Adding a client to a domain seems
like it doesn't require this then? Will samba use another sort of account
rights-system lacking this?
At a glance it appears to me that the thought-up scheme of adding clients
might be to just create the accounts for it and then it can join the
domain, however the prompt I get obviously indicates that there's
something not quite right.

I'll attach the smb.conf file for the server.

>You should use either root or administrator (depending on your setup),
however, any user with the SeMachineAccountPrivilege
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html
will be able to add machines to the domain (root just has all of the Se
privileges by default)
>
>Ricky
>
>On Tue, Jun 18, 2013 at 4:03 AM, <quiztli at lavabit.com> wrote:
>Thanks for your advice René. I checked the two clients and the one that is
>already part of the domain did have these entries. The client I'm trying
>to connect didn't so I added them.
>
>I restarted the client and tried to join it into the domain. I still get a
>promt for an user and account that can join/connect to the domain. What
>sort of account should be given here?
>I've tried a few combinations but none succeeded. The documentation I
>referred to earlier brings up a few alternative approaches, one being "a
>Samba account that has root privileges on the Samba server".
>
>Just to point out: Besides the "actual" domain the clients are part of
>there also seems to be a domain solely for the server (the server is named
>FOOBAR and there's a corresponding FOOBAR domain)
>
>>Hi,
>>did you change the registry of your Windows 7 Client?
>>Windows Registry Editor Version 5.00
>>
>>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
>>"DomainCompatibilityMode"=dword:00000001
>>"DNSNameResolutionRequired"=dword:00000000
>>
>>Sounds a lot like you did not.
>>
>>
>>
>>Am 18.06.2013 08:03, schrieb quiztli at lavabit.com:
>>> Hello
>>>
>>> I have recently "inherited" a small domain consisting of a linux
>>> server running samba 3.6 and one client computer running Windows 7
>>>
>>> I want to add another client (also running Windows 7) to the domain.
>>> Previously adding clients has been done by manually creating a linux
>>> machine account and samba account.
>>>
>>> I have created the accounts for the new client but when I try to
>>> configure it to be part of the domain a window pops up prompting for
>>> an account and password "that can join the domain". I don't really
>>> know what to enter here and I am unable to add the machine.
>>>
>>> Quoting from the documentation:
>>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-memb
>>> er.html#machine-trust-accounts
>>>
>>> "When the user elects to make the client a domain member, Windows 200x
>>> prompts for an account and password that has privileges to create
>>> machine accounts in the domain."
>>>
>>> "A Samba administrator account (i.e., a Samba account that has root
>>> privileges on the Samba server) must be entered here; the operation
>>> will fail if an ordinary user account is given. The necessary
>>> privilege can be assured by creating a Samba SAM account for root or
>>> by granting the SeMachineAccountPrivilege privilege to the user account."
>>>
>>> What should I do sucessfully add the client to the domain?


More information about the samba mailing list