[Samba] Workstaion trust account

sermodi sermodi at gmail.com
Wed Jan 24 16:09:19 GMT 2007

Andrew Bartlett skrev:
> On Tue, 2007-01-23 at 17:50 +0000, Cardon Denis wrote:
>> Hi sermodi,
>>> I'm having a problem adding a W2K workstaion to the domain samba+ldap. 
>>> I can
>>> add it by logging with the local administartor then add to domain, but I
>>> would like to do it without doing it manually on every workstation. Have
>>> hundrads of workstations, I tried to add them by using smbldap scripts 
>>> and I
>>> get an entry for the workstation but it still don't work. Is it even
>>> possible to only add a trust account on the PDC or do I have to do it 
>>> from
>>> the windows client?
>> adding a workstation throught the windows "join a domain" gui does some 
>> configuration change on the host computer. Modifying is not enough, in 
>> any case you'll have to do a few thing on the windows box. However there 
>> a few command line tools available from MS for joining a domain, so you 
>> can write a small script to add the boxes.
> There is an RPC to do this (wkssvc_NetrJoinDomain2), but we never spent
> enough time to figure out the crypto.  The 524 byte password buffer
> looks like one of the existing uses of this kind of buffer (like SAMR),
> but that didn't apparently work.
> Andrew Bartlett
Thanks for the reply.
About the client modification, on an existing (by existing I mean a 
workstaion that have been trusted previously on another PDC, a NT4) the 
client has already a password configured to the domain, the domain name 
is the same and a net vampire have been done on the NT4. So what is the 
different between the challenge made to NT4 and the one made to to the 
new samba PDC?
About the scripts that could be used,  any tips on how to write one? I 
know how to write .bat files my question is what commands should be used.
The last question can I just turn of the trust checking?

More information about the samba mailing list