Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Mail Systems
Eclipse Documentation

How To Guides
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Problem Solutions
Privacy Policy




Samba HowTo Guide
Prev Home Next

Create the Computer Account

As a user who has write permission on the Samba private directory (usually root), run:

net ads join -U Administrator%password

The Administrator account can be any account that has been designated in the ADS domain security settings with permission to add machines to the ADS domain. It is, of course, a good idea to use an account other than Administrator. On the UNIX/Linux system, this command must be executed by an account that has UID=0 (root).

When making a Windows client a member of an ADS domain within a complex organization, you may want to create the machine trust account within a particular organizational unit. Samba-3 permits this to be done using the following syntax:

kinit [email protected]

net ads join "organizational_unit"

Your ADS manager will be able to advise what should be specified for the "organizational_unit" parameter.

For example, you may want to create the machine trust account in a container called “Servers” under the organizational directory “Computers\BusinessUnit\Department,” like this:

net ads join "Computers\BusinessUnit\Department\Servers"

This command will place the Samba server machine trust account in the container Computers\BusinessUnit\Department\Servers. The container should exist in the ADS directory before executing this command.

Possible Errors

ADS support not compiled in

Samba must be reconfigured (remove config.cache) and recompiled (make clean all install) after the Kerberos libraries and headers files are installed.

net ads join prompts for user name

You need to log in to the domain using kinit USERNAME @ REALM . USERNAME must be a user who has rights to add a machine to the domain.

Unsupported encryption/or checksum types

Make sure that the /etc/krb5.conf is correctly configured for the type and version of Kerberos installed on the system.

Samba HowTo Guide
Prev Home Next

  Published under the terms fo the GNU General Public License Design by Interspire