How to allow a W2K machine join a domain with Samba 2.2alpha3 PDC

Elliot Mackenzie s354199 at
Fri Apr 13 01:35:03 GMT 2001

In alpha 3, you must specify the user root in your admin list.

In alpha 3, you can only use root and the root password to get a machine to
join the domain the first time (this is obviously different to logging on
when you can log on as any valid user in smb.conf).

domain admin group = @adm
in smb.conf

Make sure root is in the system group adm.

If you followed the PDC HOWTO, then you would need to add a line similar to

    add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$

after manually creating the machines system group.

I am 90% sure that root must also exist in smbpasswd (I don't happen to have
access to my terminal from this machine :) ).

The problems I was having when I was trying to set up alpha 3 for the first
time were because of a corrupt smbpasswd file - I started from scratch,
added user root, and all was well :)

You need to stick the machine name in the /etc/passwd (you can do it
automatically using the line above) for a few reasons: samba becomes
whatever user you connect as (you don't want machines running around with
root access for no good reason), and so samba can recognise and store the
machines registration information (what is negotiated between windows and
samba when you first join the domain).  There are probably other reasons
too, but I am just happy to accept that this is what I need to do to keep
samba running happily as a PDC - and it seems to be pretty stable too :)

Hope this helps,

-----Original Message-----
From: samba-ntdom-admin at
[mailto:samba-ntdom-admin at]On Behalf Of Patrick Goetz
Sent: Friday, 13 April 2001 9:58 AM
To: samba-ntdom at
Subject: How to allow a W2K machine join a domain with Samba 2.2alpha3

Hello -

Please pardon what might be an often asked question, but I haven't found
an answer in either "Using Samba", the HOWTO's, man pages, or by browsing
through the last 3 months of this list.

I've set up Samba 2.2alpha3 on a Debian linux machine to be a PDC:

     workgroup = UTMATH
     wins support = yes
     security = user
     status = no
     encrypt passwords = yes
   # PDC Stuff below
     os level = 65
     local master = yes
     preferred master = yes
     domain master = yes
     domain logons = yes

However, I can't get my W2K test machine to join the UTMATH
domain.  Whenever I try, I'm prompted for the username and password of "an
account with permission to join the domain".  The only user I currently
have set up in smbpasswd is myself, and it appears I'm not worthy, as when
I enter my user name and password I'm informed that

  "The account used is a computer account.  Use your global user account
or local user account to access this server"

The local administrator account doesn't work either, so question:

What kind of an account do I need to set up and where in order to add the
W2K machine to the UTMATH domain?

and while I'm at it...

Why do I need to add the machine name to the local /etc/passwd file?  If
anything, one would think that trust accounts would go in the smbpasswd
file; but from what I've seen on the list, the opposite is the
case; i.e. having the machine name in the smbpasswd file is a source of
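
An added example, not part of either message above and not Samba's own code: a Python sketch that checks the join prerequisites listed in the reply (root reachable through `domain admin group`, the group named in `add user script` already existing, machine accounts in /etc/passwd without a login shell). The file contents are constructed samples, and the function names and the set of non-login shells are assumptions.

```python
import shlex

# Constructed sample files (not taken from the hosts in this thread).
SMB_CONF = """[global]
   workgroup = UTMATH
   domain logons = yes
   domain admin group = @adm
   add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$
"""
GROUP = "root:x:0:\nadm:x:4:daemon\n"
PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
          "w2ktest$:x:1001:200:Machine:/dev/null:/bin/false\n"
          "lab7$:x:1002:200:Machine:/home/lab7:/bin/bash\n")
NOLOGIN = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}  # assumed list

def parse_conf(text):
    """Return smb.conf parameters as {lowercased name: value}; sections are ignored."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;[" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def audit(conf_text, group_text, passwd_text):
    """Return a list of findings for the prerequisites named in the reply."""
    findings = []
    params = parse_conf(conf_text)
    groups = {g[0]: set(filter(None, g[3].split(",")))
              for g in (l.split(":") for l in group_text.splitlines()) if len(g) == 4}
    # root must be listed directly or via @group (explicit /etc/group members only).
    admins = set()
    for entry in params.get("domain admin group", "").split():
        admins |= groups.get(entry[1:], set()) if entry.startswith("@") else {entry}
    if "root" not in admins:
        findings.append("root is not in 'domain admin group'")
    # The group handed to adduser -g must have been created beforehand.
    argv = shlex.split(params.get("add user script", ""))
    if "-g" not in argv[:-1]:
        findings.append("no 'add user script' with -g <group>")
    elif argv[argv.index("-g") + 1] not in groups:
        findings.append("group '%s' missing" % argv[argv.index("-g") + 1])
    # Machine trust accounts (name ends in $) must not be usable for login.
    for name, _, uid, _, _, _, shell in (l.split(":") for l in passwd_text.splitlines()):
        if name.endswith("$") and (uid == "0" or shell not in NOLOGIN):
            findings.append("machine account %s can log in (uid=%s shell=%s)" % (name, uid, shell))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SMB_CONF, GROUP, PASSWD)) or "ok")
```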
