[Samba] TOSHARG-DomainMember.xml translate finish and some bug found

OPC oota t-oota at dh.jp.nec.com
Mon Jul 6 07:18:31 GMT 2009


Now, TOSHARG-DomainMember.xml translate to Japanese finished.

and Some bug found.

<procedure>
<title>Server Manager Account Machine Account Management</title>
                      -------Domain?
        <step><para>
        From the menu select <guimenu>Computer</guimenu>.
        </para></step>

        When the user elects to make the client a domain member, Windows 200x prompts for
        an account and password that has privileges to create  machine accounts in the domain.
        A Samba administrator account (i.e., a Samba account that has <constant>root</constant> privileges on the
        Samba server) must be entered here; the operation will fail if an ordinary user
        account is given.

---> Can user who have SeMachineAccountPrivilege rights  join machine ?


<para>
<indexterm><primary>ADS</primary></indexterm>
<indexterm><primary>SRV records</primary></indexterm>
<indexterm><primary>DNS zon</primary></indexterm>
                        ---zone?

<indexterm><primary>KDC</primary></indexterm>
<indexterm><primary>_kerberos.REALM.NAME</primary></indexterm>
Microsoft ADS automatically create SRV records in the DNS zone


<indexterm><primary>Kerberos</primary></indexterm>
<indexterm><primary>Create the Computer Account</primary></indexterm>
<indexterm><primary>Testing Server Setup</primary></indexterm>
<indexterm><primary></primary></indexterm>
                   -why null?

If all you want is Kerberos support in &smbclient;, then you can skip directly to <link


        <indexterm><primary>kinit</primary></indexterm>
        <indexterm><primary>rights</primary></indexterm>
        You need to log in to the domain using <userinput>kinit
                    -------
                    login ?
        <replaceable>USERNAME</replaceable>@<replaceable>REALM</replaceable></userinput>.
        <replaceable>USERNAME</replaceable> must be a user who has rights to add a machine to the domain.
        </para></listitem></varlistentry>


On a Windows 2000 client, try <userinput>net use * \\server\share</userinput>. You should
be logged in with Kerberos without needing to know a password. If this fails, then run
------------
login ?
<userinput>klist tickets</userinput>. Did you get a ticket for the server? Does it have
an encryption type of DES-CBC-MD5?


On your Samba server try to log in to a Windows 2000 server or your Samba
                            ------
                            login?
server using &smbclient; and Kerberos. Use &smbclient; as usual, but
specify the <option>-k</option> option to choose Kerberos authentication.
</para>

</sect2>

<sect2>
<title>Notes</title>

--
--- Oota Toshiya ---  t-oota at dh.jp.nec.com
NEC Computers Software Operations Unit              Shiba,Minato,Tokyo
Open Source Software Platform Development Division  Japan,Earth,Solar system
(samba-jp/ldap-jp Staff,mutt-j/samba-jp postmaster)


More information about the samba mailing list