HP CIFS Server Administrator's Guide Version A.03.01.04 (5900-2303), April 2012

Step-by-step procedure
1. Choose "Domain Member Server" when executing samba_setup. When prompted, you will
need to add your domain Member Server machine account to the PDC.
For Windows NT: Go to the Windows NT PDC and create a machine account for the HP CIFS
Member Server by performing the following steps:
a. Open the "start/programs/administrator/tools/server manager" tool.
b. Select the "computer/add to domain" icon and enter the host name of the HP CIFS Server.
c. Choose the "Windows NT Workstation or Server" option when you are asked for the
computer type.
For Windows 2000: Go to the Windows 2000 PDC and create a machine account for the
HP CIFS Member Server by using the Active Directory Controller Wizard.
Check the "Allow Pre-Windows 2000 computers to use this account" box
and add the computer name.
For Samba (including HP CIFS): Go to the Samba Server acting as a PDC and create a machine
account for the HP CIFS Member Server by following the steps provided in the Chapter 4 section
titled "Create a Machine Trust Account." samba_setup will then perform the "net rpc
join -U Administrator%password" command for you.
Create the machine trust accounts
A Machine Trust Account for a Windows Client (Client=member server) on an HP CIFS Server acting
as a PDC is simply a user account entry created for a machine. It is denoted by the machine name
followed by "$".
For PDCs not using LDAP (default), machine accounts will have entries in both /etc/passwd (UNIX
user accounts) and /var/opt/samba/private/smbpasswd (Windows user accounts).
For PDCs using LDAP, machine accounts will have posixAccount and sambaSamAccount object
class entries in a directory server database.
The following steps are used to create a machine account for a Windows Client on an HP CIFS
Server acting as a Primary Domain Controller (PDC):
1. Create the UNIX or POSIX account for a Windows Client:
Use the following command to create the POSIX account for a Windows client in the
/etc/passwd file if LDAP is disabled:
$ useradd -c NT_workstation -d /home/temp -s /bin/false client1$
As an example, the resulting entry in the /etc/passwd file for a client machine named
"client1" would be:
client1$:*:801:800:NT_Workstation:/home/temp:/bin/false
where 801 is a uid and 800 is the group id of a group called "machines." A uid or group
id can be any unique number. On some systems, uid values 0 through 100 are treated as
special or server specific; this may or may not apply to your system.
The machine account is the machine's name with a dollar sign character ("$") appended
to it. The home directory can be set to /home/temp. The shell field in the /etc/passwd
file is not used and can be set to /bin/false.
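The /etc/passwd conventions described above can be checked mechanically once several machine accounts exist. The following is an added example, not code from the HP guide: it reads a passwd-format file and reports machine accounts (names ending in "$") that deviate from those conventions. The function names, the constructed sample entries, and the choice to treat a shell other than /bin/false, an empty password field, a uid of 100 or below, or a shared uid as findings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the HP guide): audit machine trust accounts,
# i.e. names ending in "$", in a passwd-format file.

# audit_machine_accounts [FILE]   ("-" or no argument reads standard input)
# Prints one finding per line; returns 1 if any machine account was flagged.
audit_machine_accounts() {
    awk -F: '
        /^#/ || NF < 7 { next }                  # skip comments and short lines
        { n++; name[n] = $1; pw[n] = $2; uid[n] = $3; sh[n] = $7; seen[$3]++ }
        END {
            for (i = 1; i <= n; i++) {
                if (name[i] !~ /\$$/) continue   # not a machine account
                if (sh[i] != "/bin/false") {     # assumption: no usable shell
                    print name[i] ": shell is " sh[i] ", expected /bin/false"
                    bad = 1
                }
                if (pw[i] == "") {               # empty field means no password
                    print name[i] ": password field is empty"
                    bad = 1
                }
                if (uid[i] + 0 <= 100) {         # range the guide calls special
                    print name[i] ": uid " uid[i] " is in the 0-100 range"
                    bad = 1
                }
                if (seen[uid[i]] > 1) {          # the guide asks for unique ids
                    print name[i] ": uid " uid[i] " is shared with another account"
                    bad = 1
                }
            }
            exit bad + 0
        }' "${1:--}"
}

# Constructed sample entries (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:*:0:3::/:/sbin/sh
client1$:*:801:800:NT_workstation:/home/temp:/bin/false
client2$:*:802:800:NT_workstation:/home/temp:/usr/bin/sh
client3$::99:800:NT_workstation:/home/temp:/bin/false
client4$:*:802:800:NT_workstation:/home/temp:/bin/false
EOF
}

# Demo run on the constructed sample; on a real server pass /etc/passwd.
sample_passwd | audit_machine_accounts - || echo "machine account findings listed above"
```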
Use the following command to create the posixAccount entry for a Windows client in the
LDAP directory if LDAP is enabled:
$ /opt/ldapux/bin/ldapmodify -a -D "cn=Directory Manager" -w dmpasswd -h ldaphostA -f new.ldif
Where LDIF update statements specified in the new.ldif file are added to the LDAP
directory server, ldaphostA. The following is an example of LDIF update statements in
the new.ldif file: