[Samba] Joining Samba to a non-Samba,non-AD, NT4 Domain

Gémes Géza geza at kzsdabas.sulinet.hu
Fri Feb 11 20:42:14 GMT 2005


Wes Hardin wrote:

> I am a Unix Admin, trying to join a NT4 domain.  I do not have access 
> to the PDC.
>
> When setting up a new machine, either Windows or Unix, on the domain, 
> I ask the NT admins to create a new machine account on the domain for 
> my machine.  I then "associate" my machine with that machine account.  
> I say "associate" because I'm not exactly sure what happens, something 
> about trading secrets and negotiating machine passwords I think.
>
> For my windows machine, this was a very easy process of supplying the 
> domain name, machine name, and my own personal domain login.
>
> For my UNIX machines (both Solaris and Linux), I supplied the domain 
> name, machine name, and my personal login but was denied.  I had to 
> get an NT admin to put in the Domain Administrator password for it to 
> work.
>
> I used the command
>     # net rpc join MEMBER -W DLSMIS -U <my username>
>
> gave my password, and got this back:
>
>     Create of workstation account failed
>     User specified does not have administrator privileges
>     Unable to join domain DLSMIS.
>
> I'm not surprised the create failed, since it's already been created 
> before my attempt to join.  Samba should not be trying to create it 
> again, although that is what it seems to be doing.
>
> When I got an NT admin to come over, I used
>     # net rpc join MEMBER -W DLSMIS -U Administrator
>
> got the NT admin to put in their password, and it joined successfully.
>
> This doesn't make sense since I don't need an NT admin's help to join 
> my Windows PC to the domain.
>
> I've seen numerous others with a similar problem but they usually 
> involve either a Samba PDC or Windows AD, so I don't see how they 
> apply to me.

To join Samba to an NT4 domain there are now two methods:
1. Create the machine account on the fly. Requires the "add machine to domain" 
   privilege for the account doing it.
   Works with net rpc join
2. Use a previously created machine account. Requires no special privileges.
   Works with net rpc oldjoin

For further details see: man net

Cheers

Geza

