HP CIFS Server "net ads join" with Minimum User Permissions
15
4.2 At the CIFS/Samba Command Line
Now the new CIFS/Samba computer object has been added to the domain with the MMC. The user darla
has been added to the object and has been assigned the minimum permission set to join at the
command line. Execute the “net ads join –U darla”:
rmonster->net ads join -U darla
darla's password:
[2005/09/14 08:46:57, 0] libads/ldap.c:ads_add_machine_acct(1366)
ads_add_machine_acct: Host account for rmonster already exists - modifying old account
Using short domain name -- SNSLATC
Joined 'RMONSTER' to realm 'SNSLATC.HP.COM'
rmonster->
The join succeeds. Notice the message that the host account already exists, and has been modified with
the new Samba data.
Test that domain membership and Kerberos authentication correctly operates by mapping a share with a
domain member client.
IMPORTANT: The computer object attribute userAccountControl is populated with a computed value
based upon several computer and domain factors. When adding a CIFS/Samba computer to the Active
Directory with the Users and Computers MMC, this value may be invalid for Kerberos authentication to
perform correctly. If Kerberos authentication does not perform correctly, then the attribute value may
have to be manually written to the AD using ADSIedit or LDAPModify.