Making Windows XP join a SAMBA domain in 5 minutes

published Mar 08, 2006, last modified Jun 26, 2013

How to get a Windows XP Professional or Server to join a SAMBA domain running on a Linux server.

Okay, let's move on with the Server management series. This time we'll learn how to make a Windows XP server join a SAMBA domain name server.

Print these instructions out and post them on a wall or a bulletin board in your office. If you have a sizable park of Windows computers to manage, learn them by heart. They may be very useful to you in the near future.

These instructions work if you're running a SAMBA domain server on Linux or any other UNIX, and your domain server is not using LDAP services to store SAM information, but the standard SAMBA TDB files.

Three steps are all that's required, if you have a properly configured SAMBA server (regrettably, out of the scope of this 5-minute topic).

Add the machine account on the server

Okay, time to do this. As root, on the console, add a UNIX user account, with the following command:

[root@amauta2 ~]# /usr/sbin/useradd 'machinename$'

That should create a UNIX user account that, by default, has a disabled password. So it won't be useable as an interactive shell or graphical login account. But, anyways, remember to replace machinename with the machine name you intend to set on the XP computer. Do note that the useradd command may be on a different directory than /usr/sbin on your computer.

Please note that the single quotes are relevant. Otherwise, they would be unprotected by the shell's variable replacing tendency.

Now run the following command:

[root@amauta2 ~]# smbpasswd -ma 'machinename'

This command actually creates the machine account on the SAMBA server.

Disable RequireSignOrSeal

According to a contributor, you can skip this step if you're using SAMBA 3 or higher. But if you aren't, then it's time to disable a setting that makes Windows XP complain when attempting to join a SAMBA domain. The famed RequireSignOrSeal.

Physically go to the Windows XP computer. Log on using an administrative account (Administrator comes to mind) on the local machine. Open the Registry editor (regedit.exe). Now open the key named:

My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

You'll see, on the right pane, a key named requiresignorseal. Double-click it and set the value data to 0. If it doesn't exist, create a key named requiresignorseal of type REG_DWORD and set it to 0.

Now, that machine is ready to join the SAMBA domain.

Configure the machine to join the domain

Open the Properties tab of My Computer. Click the Computer Name tab, and click the Change button.

The computer name should be the same as the name of the machine account you created in the first step. On the Member of: group, click Domain, and type the domain name you've configured in the SAMBA server.

Click OK. A password prompt will surprise you. Enter the root user name and the root password of the SAMBA server, and hit OK. In the few moments after you've hit OK, Windows XP and SAMBA will be negotiating the process of joining the domain.

f everything went OK, you'll see a Welcome to the XYZ domain popup. If something went wrong, you'll have a hard time figuring out what went wrong; the first place to go is the SAMBA log file.


Okay, that's it. You've successfully integrated one of the most pervasive unfree software packages to your trusty SAMBA server.

These instructions are bound to change in the future, as the SAMBA team continues to move aggresively towards LDAP. But, in the meantime, for small- to medium-sized businesses, the ideal SAMBA setup won't be needing LDAP magic anytime.

In case you want more information on the subject, there's always the Windows XP section of the SAMBA Client configuration HOWTO. That's all for today. Happy hacking!