How to allow a W2K machine join a domain with Samba 2.2alpha3 PDC

Elliot Mackenzie s354199 at
Fri Apr 13 01:45:37 GMT 2001

If you are getting an error like: "machine trust something something" - it's
been a while since I fixed this :) then make sure of a few things:
- When you restart all your daemons that there are no smbd or nmbd services
still running before you start them up again.  For some reason the init
script I was using didn't properly terminate all the services and it was
causing problems with domain logons.
- Secondly, make sure you are indeed running a good alpha 3.  I initially
had some problems with the CVS copy - nothing was reported, I just could not
log on to the domain.  I got the alpha 3 tarball off the website and it was
- Remove all your samba machine trust accounts (something$) from
/etc/passwd, clear out the machine accounts from smbpasswd (I deleted the
file and started from scratch).
- Make sure your firewalling rules aren't causing any problems (If you can
normally use samba OK this shouldn't be a problem).
- NOW restart all your smbd and nmbd services.... :)
- If you are using the adduser script rather than making the machine
accounts manually, then just add root to smbpasswd and join the domain from
the w2k macchine using the root passwd.  Reboot and w2k should be able to
log onto the domain (you will need a user in smbpasswd to log on, so create
one) :)  If you aren't using the script then you have to do this manually as
per the FAQ and HOWTO.
- Still having problems try the example smb.conf given in the HOWTO and work
it out from there.

This probably isn't the "proper" way to fix this but it worked like a charm
for me, and I haven't had any problems since.

-----Original Message-----
From: samba-ntdom-admin at
[mailto:samba-ntdom-admin at]On Behalf Of Nicholas Golder
Sent: Friday, 13 April 2001 11:27 AM
To: samba-ntdom at
Subject: RE: How to allow a W2K machine join a domain with Samba
2.2alpha3 PDC

I am assuming that you have added the machine name to the /etc/passwd file
and also to the smbpasswd file.  As far as I know, alpha 3 can only use the
root account to add the machine to the domain this also has to be added to
the smbpasswd file.  This is a link that seems to do the job to get the
machine added to the domain:
If this is new to you, here is the HOWTO:

If you can get your machine to logon to the domain after the joining the
domain, let me know.  This is where I am having problems.  I have posted to
this list about this problem but haven't had any resolution.

"Breaking stereotypes since 1977."
Nicholas Golder

-----Original Message-----
From: samba-ntdom-admin at
[mailto:samba-ntdom-admin at]On Behalf Of Patrick Goetz
Sent: Thursday, April 12, 2001 6:58 PM
To: samba-ntdom at
Subject: How to allow a W2K machine join a domain with Samba 2.2alpha3

Hello -

Please pardon what might be an often asked question, but I haven't found
an answer in either "Using Samba", the HOWTO's, man pages, or by browsing
through the last 3 months of this list.

I've set up Samba 2.2alpha3 on a Debian linux machine to be a PDC:

     workgroup = UTMATH
     wins support = yes
     security = user
     status = no
     encrypt passwords = yes
   # PDC Stuff below
     os level = 65
     local master = yes
     preferred master = yes
     domain master = yes
     domain logons = yes

However, I can't get my W2K test machine to join the UTMATH
domain.  Whenever I try, I'm prompted for the username and password of "an
account with permission to join the domain".  The only user I currently
have set up in smbpasswd is myself, and it appears I'm not worthy, as when
I enter my user name and password I'm informed that

  "The account used is a computer account.  Use your global user account
or local user account to access this server"

The local administrator account doesn't work either, so question:

What kind of an account do I need to set up and where in order to add the
W2K machine to the UTMATH domain?

and while I'm at it...

Why do I need to add the machine name to the local /etc/passwd file?  If
anything, one would think that trust accounts would go in the smbpasswd
file; but from what I've seen on the list, the opposite is the
case; i.e. having the machine name in the smbpasswd file is a source of

More information about the samba-ntdom mailing list