How to Add Workstations to Your Samba Domain
Adding workstations to a Samba domain is a two-step process involving the creation of workstation trust accounts on the Samba server and then logging into each workstation to add them to the domain.
Create Samba Trust Accounts for Each Workstation
A PDC accepts user logins only from trusted PCs that have been placed in its PC client database. Samba can create these machine trust accounts either manually or automatically.
Manual Creation of Machine Trust Accounts (NT Only)
The commands in the example create a special Linux group for Samba clients and then add a special machine user that's a member of the group. Next, the commands disable the password for this user and add the machine to the smbpasswd file to help keep track of which devices are members of the domain. In summary, a machine trust account needs corresponding entries in the /etc/passwd and /etc/smbpasswd files. Pay careful attention to the $ at the end of the account name, and replace machine_name with the name of the Windows client machine.
[root@bigboy tmp]# groupadd samba-clients
[root@bigboy tmp]# /usr/sbin/useradd -g samba-clients \
-d /dev/null -s /bin/false machine_name$
[root@bigboy tmp]# passwd -l machine_name$
[root@bigboy tmp]# smbpasswd -a -m machine_name
This is the only way to configure machine trusts using Windows NT.
Dynamic Creation of Machine Trust Accounts
Although you can use the manual method, the recommended way of creating machine trust accounts is simply to allow the Samba server to create them as needed when the Windows clients join the domain, which is known as making a machine account on the fly. You can set this up by editing /etc/samba/smb.conf to automatically add the required users.
The easiest way is to use SWAT in the Global menu to modify the add machine script parameter.
[global]
# <...remainder of parameters...>
add machine script = /usr/sbin/useradd -d /dev/null -g samba-clients -s /bin/false -M %u
When you've completed the modifications, you'll need to create the samba-clients Linux group that will help identify all the domain's Windows clients listed in the /etc/passwd file.
[root@bigboy tmp]# groupadd samba-clients
In Samba version 2, you need to add the client to the smbpasswd file also.
[root@bigboy tmp]# smbpasswd -a -m machine_name
Samba version 3 adds it automatically.
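Whether the accounts are created manually or by the add machine script, each one should end up with the samba-clients group, /dev/null as its home, /bin/false as its shell, and a locked password. The following audit is an added example, not part of the original page or of Samba: the function names audit_machine_accounts and write_sample and the finding labels are hypothetical, and the passwd, shadow and group lines are constructed sample data.

```shell
#!/bin/sh
# Added example: audit machine trust accounts (names ending in "$").
# audit_machine_accounts PASSWD SHADOW GROUP [GROUP_NAME]
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_machine_accounts() {
    passwd_file=$1 shadow_file=$2 group_file=$3
    group_name=${4:-samba-clients}

    # Numeric GID of the client group created with groupadd.
    gid=$(awk -F: -v g="$group_name" '$1 == g { print $3; exit }' "$group_file")
    if [ -z "$gid" ]; then
        echo "MISSING-GROUP $group_name"
        return 1
    fi

    # First pass: the useradd -g/-d/-s settings from the page.
    # Second pass: a locked shadow field starts with ! or *.
    findings=$(
        awk -F: -v gid="$gid" '$1 ~ /[$]$/ {
            if ($4 != gid)          print "WRONG-GROUP " $1
            if ($6 != "/dev/null")  print "HAS-HOME " $1
            if ($7 != "/bin/false") print "LOGIN-SHELL " $1
        }' "$passwd_file"
        awk -F: '$1 ~ /[$]$/ && $2 !~ /^[!*]/ { print "UNLOCKED " $1 }' "$shadow_file"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample data, not taken from a real system.
write_sample() {
    printf '%s\n' 'samba-clients:x:501:' > "$1/group"
    printf '%s\n' \
        'alice:x:500:500::/home/alice:/bin/bash' \
        'ws01$:x:601:501::/dev/null:/bin/false' \
        'ws02$:x:602:501::/home/ws02:/bin/bash' \
        'ws03$:x:603:100::/dev/null:/bin/false' > "$1/passwd"
    printf '%s\n' \
        'alice:$1$constructed:12000:0:99999:7:::' \
        'ws01$:!!:12000:0:99999:7:::' \
        'ws02$:$1$constructed:12000:0:99999:7:::' \
        'ws03$:!!:12000:0:99999:7:::' > "$1/shadow"
}

sample_dir=$(mktemp -d)
write_sample "$sample_dir"
audit_machine_accounts "$sample_dir/passwd" "$sample_dir/shadow" \
    "$sample_dir/group" || true
```

On a live server, run it as root against /etc/passwd, /etc/shadow and /etc/group; any finding means a machine account could be used for something other than domain trust.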
Make Your PC Clients Aware of Your Samba PDC
There are many types of Windows installed on PCs, and each version has its own procedure for joining a domain. The next sections show you how to add the most popular versions of Windows clients to your domain.
Windows 95/98/ME and Windows XP Home
Windows 9x machines do not implement full domain membership and, therefore, don't require machine trust accounts. Here's what you need to do:
1. Navigate to the Network section of the Control Panel (Start>Settings>Control Panel>Network).
2. Select the Configuration tab.
3. Highlight Client for Microsoft Networks.
4. Click the Properties button.
5. Check Log onto Windows NT Domain, and enter the domain name.
6. Click all the OK buttons.
Now, simply reboot and you're done!
Windows NT
For Windows NT, you must first create a manual Samba machine trust account as explained earlier, then follow these steps:
1. Navigate to the Network section of the Control Panel (Start>Settings>Control Panel>Network).
2. Select the Identification tab.
3. Click the Change button.
4. Enter the domain name and computer name. Do not check the box Create a Computer Account in the Domain. In this case, the existing machine trust account joins the machine to the domain.
5. Click OK. You should get a "Welcome to <DOMAIN>" message as confirmation that you've been added.
6. Reboot.
You can now log in using any account in the /etc/smbpasswd file with your domain as the domain name.
Windows 200x and Windows XP Professional
For the 200x and XP Professional varieties of Windows, create a dynamic Samba machine trust account, then go through these steps:
1. Press the Windows and Break keys simultaneously to access the System Properties dialog.
2. Click on the Network Identification or Computer Name tab on the top.
3. Click the Properties button.
4. Click on the Member of Domain button.
5. Enter your domain name and computer name, and then click OK.
6. You will be prompted for a user account and password with rights to join a machine to the domain. Enter the information for your Samba administrator. In this home environment scenario, the user would be root with the corresponding smbpasswd password. Now, you should get a "Welcome to <DOMAIN>" message confirming that you've been added.
7. Reboot.
You can now log in using any account in the /etc/smbpasswd file with your domain as the domain name.
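With Samba version 2, however, you may also have to make a few changes to your system's registry using the regedit command. These values stop the client from requiring signed or sealed Netlogon secure channel traffic and from signing it: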
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"signsecurechannel"=dword:00000000
After making these changes, reboot before continuing.