Discussion:
[Samba] How to add a client to a domain?
(too old to reply)
q***@lavabit.com
2013-06-18 06:30:02 UTC
Permalink
Hello

I have recently "inherited" a small domain consisting of a linux server
running samba 3.6 and one client computer running Windows 7.

I want to add another client (also running Windows 7) to the domain.
Previously adding clients has been done by manually creating a linux
machine account and samba account.

I have created the accounts for the new client but when I try to configure
it to be part of the domain a window pops up prompting for an account and
password "that can join the domain". I don't really know what to enter
here and I am unable to add the machine.

Quoting from the documentation:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#machine-trust-accounts

"When the user elects to make the client a domain member, Windows 200x
prompts for an account and password that has privileges to create machine
accounts in the domain."

"A Samba administrator account (i.e., a Samba account that has root
privileges on the Samba server) must be entered here; the operation will
fail if an ordinary user account is given. The necessary privilege can be
assured by creating a Samba SAM account for root or by granting the
SeMachineAccountPrivilege privilege to the user account."

What should I do sucessfully add the client to the domain?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
q***@lavabit.com
2013-06-18 09:10:02 UTC
Permalink
Thanks for your advice René. I checked the two clients and the one that is
already part of the domain did have these entries. The client I'm trying
to connect didn't so I added them.

I restarted the client and tried to join it into the domain. I still get a
promt for an user and account that can join/connect to the domain. What
sort of account should be given here?
I've tried a few combinations but none succeeded. The documentation I
referred to earlier brings up a few alternative approaches, one being "a
Samba account that has root privileges on the Samba server".

Just to point out: Besides the "actual" domain the clients are part of
there also seems to be a domain solely for the server (the server is named
FOOBAR and there's a corresponding FOOBAR domain)
Hi,
did you change the registry of your Windows 7 Client?
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"DomainCompatibilityMode"=dword:00000001
"DNSNameResolutionRequired"=dword:00000000
Sounds a lot like you did not.
Post by q***@lavabit.com
Hello
I have recently "inherited" a small domain consisting of a linux
server running samba 3.6 and one client computer running Windows 7.
I want to add another client (also running Windows 7) to the domain.
Previously adding clients has been done by manually creating a linux
machine account and samba account.
I have created the accounts for the new client but when I try to
configure it to be part of the domain a window pops up prompting for
an account and password "that can join the domain". I don't really
know what to enter here and I am unable to add the machine.
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-memb
er.html#machine-trust-accounts
"When the user elects to make the client a domain member, Windows 200x
prompts for an account and password that has privileges to create
machine accounts in the domain."
"A Samba administrator account (i.e., a Samba account that has root
privileges on the Samba server) must be entered here; the operation
will fail if an ordinary user account is given. The necessary
privilege can be assured by creating a Samba SAM account for root or
by granting the SeMachineAccountPrivilege privilege to the user account."
What should I do sucessfully add the client to the domain?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Ricky Nance
2013-06-18 14:30:02 UTC
Permalink
You should use either root or administrator (depending on your setup),
however, any user with the SeMachineAccountPrivilege
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html will
be able to add machines to the domain (root just has all of the Se
privileges by default).

Ricky
Post by q***@lavabit.com
Thanks for your advice René. I checked the two clients and the one that is
already part of the domain did have these entries. The client I'm trying
to connect didn't so I added them.
I restarted the client and tried to join it into the domain. I still get a
promt for an user and account that can join/connect to the domain. What
sort of account should be given here?
I've tried a few combinations but none succeeded. The documentation I
referred to earlier brings up a few alternative approaches, one being "a
Samba account that has root privileges on the Samba server".
Just to point out: Besides the "actual" domain the clients are part of
there also seems to be a domain solely for the server (the server is named
FOOBAR and there's a corresponding FOOBAR domain)
Hi,
did you change the registry of your Windows 7 Client?
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"DomainCompatibilityMode"=dword:00000001
"DNSNameResolutionRequired"=dword:00000000
Sounds a lot like you did not.
Post by q***@lavabit.com
Hello
I have recently "inherited" a small domain consisting of a linux
server running samba 3.6 and one client computer running Windows 7.
I want to add another client (also running Windows 7) to the domain.
Previously adding clients has been done by manually creating a linux
machine account and samba account.
I have created the accounts for the new client but when I try to
configure it to be part of the domain a window pops up prompting for
an account and password "that can join the domain". I don't really
know what to enter here and I am unable to add the machine.
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-memb
er.html#machine-trust-accounts
"When the user elects to make the client a domain member, Windows 200x
prompts for an account and password that has privileges to create
machine accounts in the domain."
"A Samba administrator account (i.e., a Samba account that has root
privileges on the Samba server) must be entered here; the operation
will fail if an ordinary user account is given. The necessary
privilege can be assured by creating a Samba SAM account for root or
by granting the SeMachineAccountPrivilege privilege to the user
account."
Post by q***@lavabit.com
What should I do sucessfully add the client to the domain?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
q***@lavabit.com
2013-06-19 06:10:02 UTC
Permalink
I checked smb.conf file and didn't find any entry enabling 'window
privileges', "enable privileges = yes". Adding a client to a domain seems
like it doesn't require this then? Will samba use another sort of account
rights-system lacking this?
At a glance it appears to me that the thought-up scheme of adding clients
might be to just create the accounts for it and then it can join the
domain, however the prompt I get obviously indicates that there's
something not quite right.

I'll attach the smb.conf file for the server.
Post by Ricky Nance
You should use either root or administrator (depending on your setup),
however, any user with the SeMachineAccountPrivilege
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html
will be able to add machines to the domain (root just has all of the Se
privileges by default)
Post by Ricky Nance
Ricky
Thanks for your advice René. I checked the two clients and the one that is
already part of the domain did have these entries. The client I'm trying
to connect didn't so I added them.
I restarted the client and tried to join it into the domain. I still get a
promt for an user and account that can join/connect to the domain. What
sort of account should be given here?
I've tried a few combinations but none succeeded. The documentation I
referred to earlier brings up a few alternative approaches, one being "a
Samba account that has root privileges on the Samba server".
Just to point out: Besides the "actual" domain the clients are part of
there also seems to be a domain solely for the server (the server is named
FOOBAR and there's a corresponding FOOBAR domain)
Hi,
did you change the registry of your Windows 7 Client?
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"DomainCompatibilityMode"=dword:00000001
"DNSNameResolutionRequired"=dword:00000000
Sounds a lot like you did not.
Post by q***@lavabit.com
Hello
I have recently "inherited" a small domain consisting of a linux
server running samba 3.6 and one client computer running Windows 7
I want to add another client (also running Windows 7) to the domain.
Previously adding clients has been done by manually creating a linux
machine account and samba account.
I have created the accounts for the new client but when I try to
configure it to be part of the domain a window pops up prompting for
an account and password "that can join the domain". I don't really
know what to enter here and I am unable to add the machine.
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-memb
er.html#machine-trust-accounts
"When the user elects to make the client a domain member, Windows 200x
prompts for an account and password that has privileges to create
machine accounts in the domain."
"A Samba administrator account (i.e., a Samba account that has root
privileges on the Samba server) must be entered here; the operation
will fail if an ordinary user account is given. The necessary
privilege can be assured by creating a Samba SAM account for root or
by granting the SeMachineAccountPrivilege privilege to the user account."
What should I do sucessfully add the client to the domain?
René Fuchs
2013-06-24 20:50:03 UTC
Permalink
Hi,
did you change the registry of your Windows 7 Client?
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"DomainCompatibilityMode"=dword:00000001
"DNSNameResolutionRequired"=dword:00000000

Sounds a lot like you did not.
Post by q***@lavabit.com
Hello
I have recently "inherited" a small domain consisting of a linux server
running samba 3.6 and one client computer running Windows 7.
I want to add another client (also running Windows 7) to the domain.
Previously adding clients has been done by manually creating a linux
machine account and samba account.
I have created the accounts for the new client but when I try to configure
it to be part of the domain a window pops up prompting for an account and
password "that can join the domain". I don't really know what to enter
here and I am unable to add the machine.
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#machine-trust-accounts
"When the user elects to make the client a domain member, Windows 200x
prompts for an account and password that has privileges to create machine
accounts in the domain."
"A Samba administrator account (i.e., a Samba account that has root
privileges on the Samba server) must be entered here; the operation will
fail if an ordinary user account is given. The necessary privilege can be
assured by creating a Samba SAM account for root or by granting the
SeMachineAccountPrivilege privilege to the user account."
What should I do sucessfully add the client to the domain?
Mit freundlichen Grüßen,
René Fuchs
--
***********************************************
aixTeMa(®) Digitale Loesungen GmbH
René Fuchs
Philipsstr. 8, 52068 Aachen, Germany
Tel.: +49 241 70515-1323, Fax: +49 241 70515-15
mailto:***@aixtema.de

WWW: http://www.aixtema.de
Shop: http://shop.aixtema.de

Geschaeftsfuehrer: Oliver Rossbruch
HRB 8201, Amtsgericht Aachen
USt.-Id-Nr. DE 210 906 744
St.-Nr. 201/5942/3737, Finanzamt Aachen Stadt
***********************************************
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Loading...