Windows 200x/XP Professional Client
When the user elects to make the client a domain member, Windows 200x prompts for
an account and password that has privileges to create machine accounts in the domain.
A Samba administrator account (i.e., a Samba account that has root privileges on the
Samba server) must be entered here; the operation will fail if an ordinary user
account is given.
For security reasons, the password for this administrator account should be set
to a password that is other than that used for the root user in /etc/passwd.
The name of the account that is used to create domain member machine trust accounts can be
anything the network administrator may choose. If it is other than root,
then this is easily mapped to root in the file named in the smb.conf parameter
username map = /etc/samba/smbusers.
The session key of the Samba administrator account acts as an encryption key for setting the password of the machine trust
account. The Machine Trust Account will be created on-the-fly, or updated if it already exists.
If the Machine Trust Account was created manually, on the
Identification Changes menu enter the domain name, but do not
check the box Create a Computer Account in the Domain.
In this case, the existing Machine Trust Account is used to join the machine
to the domain.
If the Machine Trust Account is to be created on the fly, on the Identification Changes menu enter the domain
name and check the box Create a Computer Account in the Domain. In this case, joining
the domain proceeds as above for Windows 2000 (i.e., you must supply a Samba administrator account when
prompted).
