Win2k Domain logon RPC Code

Andrew Bartlett abartlet at
Thu May 10 13:11:35 GMT 2001

Jason Coene wrote:
> Samba Team,
> As it stands, I can have Win2k workstations to log into a samba domain,
> however they must specify the root username and password in able to join
> into the domain. There must be a better way. I have searched the RPC code
> briefly, and did not see a common function where this is controlled. I would
> love to help improve this code. Any pointers to which portion(s) of the code
> deal with joining the domain?
> Regards,
> Jason

See rpc_server/srv_samr_nt.c:_api_samr_create_user()

It looks like we just need to do exactly the oppisite to what the
comment says, ie add the become_root() unbecome_root(), but just add a
check that the user is a domain admin.  We should also create a new
paramater in smb.conf, 'add machine account script', so new machines and
users are done differently.

I don't mind helping out with some of the implementaion/testing, as this
is one of the things that rather interests me - I would prefer never to
login to samba as root.

If there are any traps in this, could the relevent person give a yell

Andrew Bartlett
abartlet at

Andrew Bartlett
abartlet at

More information about the samba-technical mailing list