Create SAMBA Domain

1. Create a Domain Administrator Account on Domain Server

smbldap-useradd -a -c "Domain Administrator" -d /home/domadmin -g 512 -m -s /bin/bash -H [UHX] -N "Domain Administrator" -P domadmin

2. Grant user domadmin Domain joining rights

net rpc rights grant domadmin SeMachineAccountPrivilege -U domadmin

3. join XP machine to domain

Control Panel-> System -> Network Identification -> Enter Domain Name, then enter user/pass for domadmin

                 must be done twice, 1st error "Benutzername konnte nicht gefunden werden, 2nd time it works

3a. join WINDOWS 7 machine to domain

Change

           HKLM\System\CCS\Services\LanmanWorkstation\Parameters
           DWORD  DomainCompatibilityMode = 1
           DWORD  DNSNameResolutionRequired = 0
           (In Effect immediately, no restart required)

like 3) also twice.

       TODO: check why join domain twice

CREATING Domain Users:

4. Grant user domadmin user modification rights

net rpc rights grant domadmin SeAddUsersPrivilege -U domadmin

5. Log on onto domain as domuser

6. add an user to the domain

net user add donald test /add /domain

 ( add user script in this case was : /usr/sbin/smbldap-useradd -B 1 -m "%u" )
 - TODO : check samba's Domain Users Group membership
 - TODO : check why -B 1 doesn't work (change password on 1st logon)

7. Log on as the new user

TODO : check why with ldapsam:trusted machine accounts still wont get their credentials