(Was Caution Stoopid Newbie) - A better (Longer) explanation

[Mark Haney]

Okay, now we are getting somewhere.  Here's the best explanation that I can
come up with not knowing the domain names, etc.  The first thing I notice is
you changed the domain of the NT machine.  Was it the _domain_ name or the
_machine_ name?

Second, if it is the _domain_ name, DON'T change it.  That really really
will screw up the registry of the PDC.  I have seen the very problem before.
Yes, the domain name was in use, but I bet if you change it in samba to
something and try the original NT domain name back on the NT box, it will
still probably complain about the name being in use.  I have seen it both
ways, but my advice is  to not change the NT  domain name at all.  It's okay
to just shut that machine down, but don't change the name and don't try to
make it a member server of another domain without either re-installing NT
(yeah I know) or using something like UPromote to make the necessary reg
changes.

And, while I have never had to do this before, I am thinking you will need
to remove the samba box from the original domain before you make it a PDC.
I don't have any experience with that scenario, so I don't know if that
really applies.  It seems to me that even though the samba box is acting
like a PDC, that it's still looking to the NT PDC for authentication.

I have seen this problem in similar situations in NT with member servers of
one domain being made a PDC in another domain using UPromote you still have
to remove it from the domain before promoting it. As far as i can tell it's
some sort of bizarre registry (I would call it a bug, but maybe it's a
feature?) issue.

Also, do you still have _any_ references to the original NT PDC still in
your smb.conf?  Such as WINS, etc?  I hope this helps and doesn't lead to
more flames.  :)
-----Original Message-----
From: samba-ntdom-admin at lists.samba.org
[mailto:samba-ntdom-admin at lists.samba.org]On Behalf Of Jet Set Willy
Sent: Thursday, April 05, 2001 5:46 AM
To: samba-ntdom at samba.org
Subject: (Was Caution Stoopid Newbie) - A better (Longer) explanation


Well after all this not sure I dare post again
but seeing as though I have got some new
flameproof underwear here goes :-)

Firstly thanks for all the replies - they are
all really a great help - useful advice and
kept me smiling while fighting with this. So
I'll attempt to collate everything, hopefully
explain where I am up and what I am trying
to do more clearly and , of course, ask
some more questions.

My network is at home and serves no purpose other
than for me to try and learn a thing or two so it
is not mission critical - having said that it has
taken me quite a while to set the thing up and I
woudn't want to break everything in one go.

So there are 4 machines - all old obsolete kit but
still pretty good or at least good enough for me.
1) Mandrake 7.1 - with samba set up
2) NT 4.0 - currently the pdc
3) Win 98 machine
4) Mandrake 7.2 - not important (yet - hopefully will
be used to build/test the latest version of samba etc)

Current Situation:
I boot the 98 machine - it comes up
with the login box I enter my user name, password
and domain as specified by the NT box. (The NT machine
has been set up as the PDC for my domain) I can then
access the shares on the NT and linux machine without
any problem. (I have set up samba to map the NT user
names to samba user names [see question 1])

Where I am trying to get to:
I want to remove the NT PDC stuff from the equation.
I will probably still keep the machine on my network
just not as the PDC - I want to get the linux machine
to do this. ie I boot up my win98 machine and enter
my user name, password and domain - samba then
checks this and either allows or denys access [see
question 2] to its shares and the shares on the NT box.

What I have done so far:
I entered the details specified by Michael McEldowney in my smb.conf I
also added one extra that I found in the docs somewhere
os level = 65 (I think it was os level - haven't got my smb.conf) I also
created a netlogon share and a script that just echo'd a few lines so
that I could check it and set up the logon script paramter.
(I did this via swat but I guess this doesn't matter - I did check them
via emacs & testparm several times) restarted smbd and nmbd.
I then changed the domain name of the NT machine and shut it
down. I rebooted 98 machine and tried to "log in" or
"authenticate myself" I tried both my original windows NT
user name and the one for the linux machine to no avail.
Always got the message "no domain controller could be found
or the password is wrong" and I'm certain the password is correct.
Bizarely if I boot up the nt machine it worked which suggested
that I need to do something other than just changing the domain
name for the NT machine. (The 98 machine *was* trying to log in
to the domain specified in the smb.conf workgroup section which
*is* different to the one newly changed onthe NT machine) Given
that it was approaching 1am and I need all the beauty sleep I can
get I thought I'd forget it and have another go tonight so I went
back to the NT machine and tried to change the domain back to its
original (and still in use by samba) however it wouldn't let me
change it back complaining that it was already in use which of course
it was and suggests that I was closer to getting it working
than I thought. [see question 4]


What I haven't done:
*Remembered to bring my copy of the smb.conf file in
so that I can post it here :-(


question 1: Are Samba users different to the linux/machine users ?

question 2: Sorry I am NOT deliberately trying to wind people up
but I'm still not sure of my terminology is this authentication or logon ?

question 3: Philip Mayers wrote/copied from the man page "Note  that
Win95/98 Domain logons are NOT the same as Windows  NT  Domain  logons."
Dare I ask what the difference is or should that be where can I find
something
to read that will tell me what the differences are ?

question 4: So I guess that you guys really need my smb.conf file
which I'll get tonight & post tomorrow but without that essential
bit of info can anyone shed any light ? Am I trying to do the
impossible or I am just a stoopid newbie who will work it out
in the near future ?