[Samba] Joining an AD domain without password

Andreas andreas at conectiva.com.br
Mon Sep 13 19:42:04 GMT 2004

On Mon, Sep 13, 2004 at 10:57:22AM -0300, Andreas wrote:
> samba-3.0.6, win2k will all patches from windowsupdate as of last
> friday
> Should it be possible to join an AD domain (win2k) without a password
> on the client side if the machine is already created in the ou=Computers
> container? I seem to be unable to do this: either "net ads join" will ask
> for a password or it will try with the current user's kerberos ticket and
> fail if this user doesn't have the right privileges.
> This seemed to work with "net rpc join" when win2k is not in its native mode.
> Am I missing something?

When I created the computer account in w2k, I selected the "Authenticated users"
to be permitted to join the machine to the domain. From a winxp pro workstation,
I could use any user to perform the joining, but from samba only administrators
or members of the account operators group could join the domain. Is samba doing
something differently that I'm not aware of?

More information about the samba mailing list