samba - Jan 2002 - Samba 2.2.2 Capabilities

Forgive my ignorance; I'm a UNIX person, not a Windows person.  And
please feel free to point me to documentation if there is any on this
topic...I was unable to find any.

I need to set up a series of workstations running Linux (RH variant,
Samba 2.2.2) which have no local authentication information, but
rather use PAM and winbind to authenticate against a Win2k Active
Directory server.  According to the winbind documentation, I need to
set up a machine trust account to enable this.

Does the command:

  smbpasswd -j DOMAIN -r win2kads -U user -m

need to be issued every time the Linux boxes are booted?  And must a
password be given each time, if so?

Also, does the "user" account passed to -U require administrative
privileges?  If so, why is this not needed for normal Windows boxes to
join a domain?  Perhaps there is something I'm neglecting to do on the
2k/ADS side of things?

On the flip side, is it possible for Samba 2.x/3.0 to act as an ADS
server? at least to the point where one can use the pretty little
Active Directory admin tools to control it? :-)

Any and all help appreciated.

Thanks,
Michael

-- 
Michael Jennings (a.k.a. KainX)  http://www.kainx.org/  <mej@kainx.org>
n+1, Inc., http://www.nplus1.net/         Author, Eterm (www.eterm.org)
-----------------------------------------------------------------------
 "I am I myself alone.  I realize I never need [anyone].  Money, 
  power, holy roads...Freedom puts my faith in none of the above."
                                   -- Duran Duran, "None of the Above"

On Fri, 11 Jan 2002, Michael Jennings wrote:
> Does the command:
>
>   smbpasswd -j DOMAIN -r win2kads -U user -m
You do not need the '-m'.  That's for creating a machine
account on a Samba PDC.
> need to be issued every time the Linux boxes are booted?  And must a
> password be given each time, if so?
No. Once is all you need.  The password is stored in the secrets.tdb
file.
> Also, does the "user" account passed to -U require administrative
> privileges?  If so, why is this not needed for normal Windows boxes to
> join a domain?  Perhaps there is something I'm neglecting to do on the
> 2k/ADS side of things?
Yes it does require admin priviledges.
> On the flip side, is it possible for Samba 2.x/3.0 to act as an ADS
> server? at least to the point where one can use the pretty little
> Active Directory admin tools to control it? :-)
No.








chau, jerry
 ---------------------------------------------------------------------
 Hewlett-Packard                                     http://www.hp.com
 SAMBA Team                                       http://www.samba.org
 --                                            http://www.plainjoe.org
 "Sam's Teach Yourself Samba in 24 Hours" 2ed.      ISBN
0-672-32269-2
 --"I never saved anything for the swim back." Ethan Hawk in Gattaca--