[Samba] Workstaion trust account

[Andrew Bartlett]

On Tue, 2007-01-23 at 17:50 +0000, Cardon Denis wrote:
> Hi sermodi,
> > I'm having a problem adding a W2K workstaion to the domain samba+ldap. 
> > I can
> > add it by logging with the local administartor then add to domain, but I
> > would like to do it without doing it manually on every workstation. Have
> > hundrads of workstations, I tried to add them by using smbldap scripts 
> > and I
> > get an entry for the workstation but it still don't work. Is it even
> > possible to only add a trust account on the PDC or do I have to do it 
> > from
> > the windows client?
> adding a workstation throught the windows "join a domain" gui does some 
> configuration change on the host computer. Modifying is not enough, in 
> any case you'll have to do a few thing on the windows box. However there 
> a few command line tools available from MS for joining a domain, so you 
> can write a small script to add the boxes.

There is an RPC to do this (wkssvc_NetrJoinDomain2), but we never spent
enough time to figure out the crypto.  The 524 byte password buffer
looks like one of the existing uses of this kind of buffer (like SAMR),
but that didn't apparently work.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20070124/1d9a3e9a/attachment.bin