[Samba] Unix user rights to join domain

Olaf Grewe ogrewe at wiwi.hu-berlin.de
Mon Mar 17 20:25:01 GMT 2003


I recently joined a Samba server to a Samba PDC'd domain. It worked rather
smoothly after I figured out that I had to create a root account with
smbpasswd on the Samba PDC. Without it, I was stuck with the following
> smbpasswd -j WHATEVER -r WHOCARES -Uname%password
error setting trust account password: NT_STATUS_ACCESS_DENIED
Unable to join domain WHATEVER

I'd rather prefer to use my domain_adm account for this kind of tasks but
it's obviously lacking sufficient rights (whether on directories and/or
files, I don't know). The domain_adm account is obviously mentioned in the
domain admin group parameter of smb.conf and the machine account was added
to the smbpasswd of WHOCARES beforehand.

My question is: Which rights does an admin account need to be able to join
other machines into a domain? Joining Samba to a Samba PDC'd domain
appears to be faily uncommon, as I didn't find much by searching the
respective lists and groups.


More information about the samba mailing list