Hello I have recently "inherited" a small domain consisting of a linux server running samba 3.6 and one client computer running Windows 7. I want to add another client (also running Windows 7) to the domain. Previously adding clients has been done by manually creating a linux machine account and samba account. I have created the accounts for the new client but when I try to configure it to be part of the domain a window pops up prompting for an account and password "that can join the domain". I don't really know what to enter here and I am unable to add the machine. Quoting from the documentation: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#machine-trust-accounts "When the user elects to make the client a domain member, Windows 200x prompts for an account and password that has privileges to create machine accounts in the domain." "A Samba administrator account (i.e., a Samba account that has root privileges on the Samba server) must be entered here; the operation will fail if an ordinary user account is given. The necessary privilege can be assured by creating a Samba SAM account for root or by granting the SeMachineAccountPrivilege privilege to the user account." What should I do sucessfully add the client to the domain?
Hi, did you change the registry of your Windows 7 Client? Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters] "DomainCompatibilityMode"=dword:00000001 "DNSNameResolutionRequired"=dword:00000000 Sounds a lot like you did not. Am 18.06.2013 08:03, schrieb quiztli at lavabit.com:> Hello > > I have recently "inherited" a small domain consisting of a linux server > running samba 3.6 and one client computer running Windows 7. > > I want to add another client (also running Windows 7) to the domain. > Previously adding clients has been done by manually creating a linux > machine account and samba account. > > I have created the accounts for the new client but when I try to configure > it to be part of the domain a window pops up prompting for an account and > password "that can join the domain". I don't really know what to enter > here and I am unable to add the machine. > > Quoting from the documentation: > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#machine-trust-accounts > > "When the user elects to make the client a domain member, Windows 200x > prompts for an account and password that has privileges to create machine > accounts in the domain." > > "A Samba administrator account (i.e., a Samba account that has root > privileges on the Samba server) must be entered here; the operation will > fail if an ordinary user account is given. The necessary privilege can be > assured by creating a Samba SAM account for root or by granting the > SeMachineAccountPrivilege privilege to the user account." > > What should I do sucessfully add the client to the domain? > >Mit freundlichen Gr??en, Ren? Fuchs -- *********************************************** aixTeMa(?) Digitale Loesungen GmbH Ren? Fuchs Philipsstr. 8, 52068 Aachen, Germany Tel.: +49 241 70515-1323, Fax: +49 241 70515-15 mailto:r.fuchs at aixtema.de WWW: http://www.aixtema.de Shop: http://shop.aixtema.de Geschaeftsfuehrer: Oliver Rossbruch HRB 8201, Amtsgericht Aachen USt.-Id-Nr. DE 210 906 744 St.-Nr. 201/5942/3737, Finanzamt Aachen Stadt ***********************************************
Thanks for your advice Ren?. I checked the two clients and the one that is already part of the domain did have these entries. The client I'm trying to connect didn't so I added them. I restarted the client and tried to join it into the domain. I still get a promt for an user and account that can join/connect to the domain. What sort of account should be given here? I've tried a few combinations but none succeeded. The documentation I referred to earlier brings up a few alternative approaches, one being "a Samba account that has root privileges on the Samba server". Just to point out: Besides the "actual" domain the clients are part of there also seems to be a domain solely for the server (the server is named FOOBAR and there's a corresponding FOOBAR domain)>Hi, >did you change the registry of your Windows 7 Client? >Windows Registry Editor Version 5.00 > >[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters] >"DomainCompatibilityMode"=dword:00000001 >"DNSNameResolutionRequired"=dword:00000000 > >Sounds a lot like you did not. > > > >Am 18.06.2013 08:03, schrieb quiztli at lavabit.com: >> Hello >> >> I have recently "inherited" a small domain consisting of a linux >> server running samba 3.6 and one client computer running Windows 7. >> >> I want to add another client (also running Windows 7) to the domain. >> Previously adding clients has been done by manually creating a linux >> machine account and samba account. >> >> I have created the accounts for the new client but when I try to >> configure it to be part of the domain a window pops up prompting for >> an account and password "that can join the domain". I don't really >> know what to enter here and I am unable to add the machine. >> >> Quoting from the documentation: >> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-memb >> er.html#machine-trust-accounts >> >> "When the user elects to make the client a domain member, Windows 200x >> prompts for an account and password that has privileges to create >> machine accounts in the domain." >> >> "A Samba administrator account (i.e., a Samba account that has root >> privileges on the Samba server) must be entered here; the operation >> will fail if an ordinary user account is given. The necessary >> privilege can be assured by creating a Samba SAM account for root or >> by granting the SeMachineAccountPrivilege privilege to the user account." >> >> What should I do sucessfully add the client to the domain?
I checked smb.conf file and didn't find any entry enabling 'window privileges', "enable privileges = yes". Adding a client to a domain seems like it doesn't require this then? Will samba use another sort of account rights-system lacking this? At a glance it appears to me that the thought-up scheme of adding clients might be to just create the accounts for it and then it can join the domain, however the prompt I get obviously indicates that there's something not quite right. I'll attach the smb.conf file for the server.>You should use either root or administrator (depending on your setup),however, any user with the SeMachineAccountPrivilege http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html will be able to add machines to the domain (root just has all of the Se privileges by default)> >Ricky > >On Tue, Jun 18, 2013 at 4:03 AM, <quiztli at lavabit.com> wrote: >Thanks for your advice Ren?. I checked the two clients and the one that is >already part of the domain did have these entries. The client I'm trying >to connect didn't so I added them. > >I restarted the client and tried to join it into the domain. I still get a >promt for an user and account that can join/connect to the domain. What >sort of account should be given here? >I've tried a few combinations but none succeeded. The documentation I >referred to earlier brings up a few alternative approaches, one being "a >Samba account that has root privileges on the Samba server". > >Just to point out: Besides the "actual" domain the clients are part of >there also seems to be a domain solely for the server (the server is named >FOOBAR and there's a corresponding FOOBAR domain) > >>Hi, >>did you change the registry of your Windows 7 Client? >>Windows Registry Editor Version 5.00 >> >>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters] >>"DomainCompatibilityMode"=dword:00000001 >>"DNSNameResolutionRequired"=dword:00000000 >> >>Sounds a lot like you did not. >> >> >> >>Am 18.06.2013 08:03, schrieb quiztli at lavabit.com: >>> Hello >>> >>> I have recently "inherited" a small domain consisting of a linux >>> server running samba 3.6 and one client computer running Windows 7 >>> >>> I want to add another client (also running Windows 7) to the domain. >>> Previously adding clients has been done by manually creating a linux >>> machine account and samba account. >>> >>> I have created the accounts for the new client but when I try to >>> configure it to be part of the domain a window pops up prompting for >>> an account and password "that can join the domain". I don't really >>> know what to enter here and I am unable to add the machine. >>> >>> Quoting from the documentation: >>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-memb >>> er.html#machine-trust-accounts >>> >>> "When the user elects to make the client a domain member, Windows 200x >>> prompts for an account and password that has privileges to create >>> machine accounts in the domain." >>> >>> "A Samba administrator account (i.e., a Samba account that has root >>> privileges on the Samba server) must be entered here; the operation >>> will fail if an ordinary user account is given. The necessary >>> privilege can be assured by creating a Samba SAM account for root or >>> by granting the SeMachineAccountPrivilege privilege to the user account." >>> >>> What should I do sucessfully add the client to the domain?