Samba/NT Domain Logon Server

Steve Langasek vorlon at
Tue Sep 5 13:44:16 GMT 2000

On Mon, 4 Sep 2000, David Clark wrote:

> I am attempting to use a Samba 2.0.3 installation to share several items on
> a 99% NT network. After I set 'security = domain' and did the appropriate
> things for the machine to join the domain, all of my windows clients'
> passwords could not be validated by my PDC, which is an NT 4.1.
> I then changed the 'announce version' to 1.5, in hopes that the Samba
> machine would not win any sort of 'domain logon server' type election. That
> seemed to clear the logons up for the windows machines after about 30
> minutes. However, when I look at the nmb log file it still claims success on
> become a logon server for my workgroup. When checking with the server
> manager on the NT, it still listed itself as PDC. I have os level set to 0,
> and domain master set to 'no.' I am at home right now, so cannot include a
> copy of smb.conf. Any help would be appreciated!


You should make sure that you have 'domain logons' turned off in your smb.conf
file.  The only machines that should be accepting domain logons for a domain
are the PDC and any BDCs.  Since you're running 2.0.3 which doesn't have BDC
support, and you clearly /don't/ want this Samba box to be the PDC, you should
definitely get rid of the 'domain logons = yes' line you seem to have set in
your smb.conf.

There shouldn't be any need to twiddle 'announce version' or 'os level' after
that.  Indeed, 'os level' should be set fairly high, as Samba should always
win out over any Win9x boxes on your network.

Steve Langasek
postmodern programmer

More information about the samba-ntdom mailing list