HP CIFS Server 3.0g Administrator's Guide verison A.02.03.01

netbios name Set this parameter to the NetBIOS name by which a member server
is known.
Setting Permissions for a User
When using the net ads join command on an HP-UX machine to join an HP CIFS Server to
a Windows 2000/2003 ADS Domain as a member server, a normal user is not allowed to perform
the net ads join command. You must configure a Windows user to have create/delete
computer object permissions.
The following Windows users are allowed to run the net ads join command:
An administrator
A user is a member of the ”Administrators”, Domain Admins", Enterprise Admins”or
OU Admins” group in the Windows ADS Domain Controller, who has create/delete
computer object permissions by default.
A normal user is granted to have create/delete computer object permissions. Without the
privilege, a normal user does not have permissions to create/delete a machine account in
the Windows ADS database for an HP CIFS Server.
Use the following procedures to grant create/delete computer object permissions to a normal
user, cifsuser, as an example on the Windows 2003 ADS Domain:
1. In the Active Directory Users and Computers console, click View and select
Advanced feature.
2. Click on the Computers object and right click on the properties tab.
3. Select the Security tab on the properties window.
4. Click on the Advanced button.
5. In the permission entries list, select Account operators(YOURADS_DOMAIN\Account
operators) with Create/Delete Computer Objects permission.
6. Click on the Add button.
7. Click on the Advanced button.
8. Click on “Object Type" for specifying search scope to "Users" only. You may need to
remain the check box on "Users" only, remove all others of check boxes. And then click on
the OK button.
9. Click on the Find Now button to look for normal user names. In the search result list, click
on the domain user name, cifsuser, who wants to use the net ads join command.
Then, click on the OK button.
10. Once the selected user is presented in the Enter the object name to select list,
click the OK button to get in the permission entry for Computers window.
11. In the Permissions dialog box, check Create Computer Objects and Delete
Computer Objects selections.
12. Click on the OK button
13. Click on the Apply button.
14. Click on the OK button on the Advanced Security Setting for Computers window.
15. Click on the OK button on the Computers Properties window.
Step-by-step Procedure
Use the following instructions to join an HP CIFS Server to a Windows 2000/2003 ADS Domain
as a member server:
1. Verify that LDAP-UX Integration product has been installed on your HP CIFS Server:
swlist | grep J4269AA
Joining an HP CIFS Server to a Windows 2000/2003 Domain 77