SAMBA again

Chong Yu Meng chongym
Tue Nov 15 21:24:58 PST 2005


Hi Roger,

See my comments in-line below:

Roger Oberholtzer wrote:

>I have been trying to get a Windows Primary Domain Controller (PDC) to
>validate users for my Linux SAMBA. I seem on the verge of getting it to
>work. I have one question I don't see a proper answer for:
>
>When I join a domain, the docs say to log in as 'administrator'. Is this
>a requirement that you be administrator on the PDC, or just sloppy
>documentation? 
>
AFAIK, the first time you log in to the domain, you WILL need to be 
administrator, whether you are joining a Linux or a Windows box to the 
domain. What I mean by that is: your PDC may have one or several 
administrator accounts; you will need to use the userID and password 
from one of those administrator accounts to join the domain, the first 
time! The reason for that seems to be that the first time you log in to a 
domain, it downloads authentication information, such as domain user 
names and group names, to your domain member. If you are NOT 
administrator, I do not think that you can query the authentication 
database.

>There is no way in hell your average admin is going to
>give out administrator accounts/passwords to linux boxes scattered
>around the net
>
Actually, you could tell the administrator that you are joining a 
Windows box and need an administrator account's credentials. That 
normally works for me! ;) Windows boxes still need the administrator 
credentials to join the domain, for the FIRST TIME only. Linux boxes may 
be different (see below).

>Where in SAMBA/winbind do you configure the name/password of the user
>you should use to join the domain? 
>
You do not configure the name and password. Instead the process of 
joining a domain, again AFAICT, is to run this on the command line,

# net rpc join -W <domain_name> -U <domain_user_account>

On some domains, you need to be administrator to join, because of some 
login scripts that need to run, etc.
 

>Talk about an area with bad documentation. There is lots of it. But it
>is mostly bad. I have read so much, and it does not always help. The
>suggested By-Example book does not, that I could identify as such, give
>a step-by-step COMPLETE guide to joining a domain to authenticate users.
>You always get one bit here, a disconnected bit there, and so on.
>
That's why it took me 3 years to reach the stage of a Step-by-Step. And 
even then, there are some things I still do not understand.

Hope this helps!

Regards,
pascal chong



