[Samba] Samba as PDC questions

[David Wright]

I have Samba working nicely so that Win2K users in our organization can
mount their Unix home directories as Samba shares using their Unix
passwords.

Now I would like to go further, allowing anyone in our organization to
plop down a Win2K workstation and have it join our (Samba-controlled)
domain. Then any person in our organization could walk up to the
workstation, log in using his Unix password, and be presented with his
Unix home directory.

I tried to do this by following the "Samba as PDC" tutorial published by
IBM developerworks, but I ran into problems. I can't create machine
accounts beforehand, because I don't know (and don't care) what machines
will be joining the domain. And when I try to join a Win2K workstation to
the domain, it demands a username/password and then complains about having
insufficient privilege. I want all users to have sufficient privleges to
join any machine to the domain. How do I acomplish this?

Am I missing some security consideration here? Since, unlike NFS, a
Windows file server does not trust the client to authenticate the user, I
don't see why I should limit which machines can join my domain.

Also, can I get away without [netlogon] stuff? I don't have any scripts
that I want executed at logon, at least none that I know of.