Initial testing

Tavis Barr tavis at
Fri May 15 03:15:51 GMT 1998

Thanks for looking at this.  So what is the DOMAIN.MACHINE.mac file?  A list 
of servers in the domain?  A list of workstations for which previous 
authentication can be trusted?  What's the format?  Do we have to create 
it if we use security = domain, or is it automatically created?


On Thu, 14 May 1998, Jeremy Allison wrote:

> Tavis Barr wrote:
> > I take it back.  It's no longer in the new version.  My machines are now
> > failing because I get errors like this for the domain server MARKOV when
> > I try to connect workstations to the domain:
> > 
> > Domain=[SOCIOLOGY]  NativeOS=[Windows NT 1381] NativeLanMan=[]
> > sesssetupX:name=[tavis]
> > get_trust_account_password: Malformed trust password file (wrong length).
> > domain_client_validate: unable to read the machine account password for
> > machine MARKOV in domain SAMBADC.
> > 
> You've got 'security=domain' set on the Samba machine you
> want to be a PDC, haven't you.
> The trust account password message is a giveaway.
> You should only set 'security=domain' if you're adding
> a Samba server into a domain as a *member* of a domain,
> not as the PDC.
> I'll add code to make smbd die if you have it set as 
> a PDC and 'security=domain' as people are obviously
> confusing the two.
> When Samba is a PDC there should be no DOMAIN.MACINE.mac
> file for the domain that Samba is serving as a PDC for.
> There will be a DOMAIN.MACINE.mac file on a Samba server
> acting as a server in a domain.
> There should always be a MACHINE.sid file.
> Delete the DOMAIN.MACINE.mac file, and change the
> 'security=domain' line to 'security=user' on the
> machine you want to act as the PDC.
> Jeremy.

More information about the samba-ntdom mailing list