[Samba] joining a domain without having Windows admin privileges

Andrew Bartlett abartlet at samba.org
Tue Mar 8 09:16:32 GMT 2005

On Mon, 2005-03-07 at 11:00 +0100, David Landgren wrote:
> On Fri, 04 Mar 2005 00:06:10 -0600, J Raynor <raynorj at mn.rr.com> wrote:
> > 
> > I would like to use "security = domain" for a samba server, but the only
> > way I've found to do that is to issue the command "net rpc join -U
> > admin%password" where "admin" is a Windows user that has the authority
> > to create machine accounts.  I don't have that authority, and I don't
> > think I can get it.
> > Is there another way to do this?  For instance, if the Windows admins
> > add the machine account for me, can I issue a different command to join
> > the domain?  What command?
> Ask the admins to insert if for you into the domain. There's a reason
> it's done this way, so that the admins have a nominal idea of what
> machines are on their network, and thus, potentially responsible for.

If you do a 'net rpc join', it should first try to take up this account
(added from the server side) and change the preset password (the machine
name) to something random.  

Or get the admin to put their password into the the 'net rpc join'.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050308/0bd4bcf4/attachment.bin

More information about the samba mailing list