MILLIGAN,ERIC (HP-Richardson,ex1)
2000-Apr-06 17:48 UTC
Join NT domain w/o using Server Manager?
I've been through the Archives, read the FAQs and pertinent info in the docs that came with the source I downloaded (3.16.2000) samba-latest.tar.gz, and have been unable to find a solution to my problem. I saw an article by Jeremy Allison stating "There are two methods of adding an NT machine to a domain. You can add the machine using the NT administrator tool called Server Manager for Domains, or you can add it at install time. This requires that you enter the domain administrator password on the client machine being added. The second method actually allows you to use Microsoft encrypted RPCs (remote procedure calls) from the machine being added to achieve the same effect as you would using Server Manager for Domains. As Samba doesn't yet implement the encrypted MS-RPC calls needed to use this second method I will not discuss it further here. As far as the effect on the domain controller account database is concerned, both methods are identical." However, this article is a bit old, and I was wondering if it still the case. Could someone confirm that there is no way to join the domain w/o using SM for domains; or (much preferred), does anyone know of a workaround? Currently, we have an NT WINS server on site, where we have access to Server Manager for domains. Shortly (April 15th) we will be changing to a corporate WINS server, and will no longer be able to utilize Server Manager for Domains. Thanks very much, Eric Milligan
[Eric Milligan] [quoting Jeremy A.]> As Samba doesn't yet implement the encrypted MS-RPC calls needed to > use this second method I will not discuss it further here. As far as > the effect on the domain controller account database is concerned, > both methods are identical."> However, this article is a bit old, and I was wondering if it still the > case. Could someone confirm that there is no way to join the domain w/o > using SM for domains; or (much preferred), does anyone know of a workaround?Samba 2.0.x, I believe this is still the case. CVS branch "HEAD" (on track to become 2.3.0), I'm not sure. CVS branch "SAMBA_TNG", you definitely can do this with `samedit' or `rpcclient'.> Currently, we have an NT WINS server on site, where we have access to > Server Manager for domains. Shortly (April 15th) we will be changing > to a corporate WINS server, and will no longer be able to utilize > Server Manager for Domains.Well, assuming you still have a password that gets you "Domain Admins" status, be that DOMAIN\Administrator or whatever, you *could* just compile rpcclient and samedit (I think they'd both work but I don't remember which is currently recommended) from SAMBA_TNG and use those. This amounts to running {Server|User} Manager for Domains on a remote machine. It may take considerable playing with to get it to work smoothly, but the functionality is there. Peter