[Samba] How to add a client to a domain?

quiztli at lavabit.com quiztli at lavabit.com
Wed Jun 19 00:02:02 MDT 2013

I checked smb.conf file and didn't find any entry enabling 'window
privileges', "enable privileges = yes". Adding a client to a domain seems
like it doesn't require this then? Will samba use another sort of account
rights-system lacking this?
At a glance it appears to me that the thought-up scheme of adding clients
might be to just create the accounts for it and then it can join the
domain, however the prompt I get obviously indicates that there's
something not quite right.

I'll attach the smb.conf file for the server.

>You should use either root or administrator (depending on your setup),
however, any user with the SeMachineAccountPrivilege
will be able to add machines to the domain (root just has all of the Se
privileges by default)
>On Tue, Jun 18, 2013 at 4:03 AM, <quiztli at lavabit.com> wrote:
>Thanks for your advice René. I checked the two clients and the one that is
>already part of the domain did have these entries. The client I'm trying
>to connect didn't so I added them.
>I restarted the client and tried to join it into the domain. I still get a
>promt for an user and account that can join/connect to the domain. What
>sort of account should be given here?
>I've tried a few combinations but none succeeded. The documentation I
>referred to earlier brings up a few alternative approaches, one being "a
>Samba account that has root privileges on the Samba server".
>Just to point out: Besides the "actual" domain the clients are part of
>there also seems to be a domain solely for the server (the server is named
>FOOBAR and there's a corresponding FOOBAR domain)
>>did you change the registry of your Windows 7 Client?
>>Windows Registry Editor Version 5.00
>>Sounds a lot like you did not.
>>Am 18.06.2013 08:03, schrieb quiztli at lavabit.com:
>>> Hello
>>> I have recently "inherited" a small domain consisting of a linux
>>> server running samba 3.6 and one client computer running Windows 7
>>> I want to add another client (also running Windows 7) to the domain.
>>> Previously adding clients has been done by manually creating a linux
>>> machine account and samba account.
>>> I have created the accounts for the new client but when I try to
>>> configure it to be part of the domain a window pops up prompting for
>>> an account and password "that can join the domain". I don't really
>>> know what to enter here and I am unable to add the machine.
>>> Quoting from the documentation:
>>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-memb
>>> er.html#machine-trust-accounts
>>> "When the user elects to make the client a domain member, Windows 200x
>>> prompts for an account and password that has privileges to create
>>> machine accounts in the domain."
>>> "A Samba administrator account (i.e., a Samba account that has root
>>> privileges on the Samba server) must be entered here; the operation
>>> will fail if an ordinary user account is given. The necessary
>>> privilege can be assured by creating a Samba SAM account for root or
>>> by granting the SeMachineAccountPrivilege privilege to the user account."
>>> What should I do sucessfully add the client to the domain?

More information about the samba mailing list