W2K machine logon to a domain with Samba 2.2alpha3 PDC

Elliot Mackenzie s354199 at student.uq.edu.au
Fri Apr 13 05:16:31 GMT 2001


It looks like you've got your Windows machines pointing to the samba machine
when looking for a WINS server.  Unless you have setup Samba as a WINS
server (wins support= yes - and rtm), this may generate errors similar to
the one you pasted below.  It is possible the name resolution is causing
issues with your domain logons but without trying it I can only say it's not
likely as you seem to be able to join the domains successfully.  What is the
windows error you get when logging on?  (I'm specifically looking for
whether it complains about the "machine" account or the "user" account not
being valid)....

M.

-----Original Message-----
From: samba-ntdom-admin at lists.samba.org
[mailto:samba-ntdom-admin at lists.samba.org]On Behalf Of Nicholas Golder
Sent: Friday, 13 April 2001 2:34 PM
To: samba-ntdom at lists.samba.org
Subject: RE: W2K machine logon to a domain with Samba 2.2alpha3 PDC


I have tried the following with no success:
I removed the machine name from the passwd and the smbpasswd (I actually
recreated the smbpasswd).  I dropped the domain and then joined it again
with the same luck.  However, when I try to logon to the domain with an
account in the smbpasswd it gives me some message about the user not
existing in the domain.
What does this mean:
[2001/04/12 23:28:38, 0]
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(181)
Error - should be sent to WINS server

Is there something wrong with my /etc/passwd file (FreeBSD 4.2)?
tronyx$:*:1000:1250:2000Machine:/dev/null:/usr/bin/false

Here is my smb.conf:

[global]
security = user
status = yes
workgroup = HIVEPORTAL
domain admin group = @wheel
domain master = yes
encrypt passwords = yes
domain logons = yes
logon script = scripts\%U.bat
guest account = ftp
share modes = no
os level = 65
[homes]
guest ok = no
read only = no
create mask = 0700
directory mask = 0700
locking = no
[netlogon]
path = /usr/local/samba/netlogon
writable = no
guest ok = no


<snip>
You may have tried to join the samba domain, had it happen successfully,
then for some reason tried to join it again.  This will put the trust
password out of sync.

Remove the machine account machine$ (whatever) from smbpasswd and passwd
(wherever it exists as my memory is not that good :) ).  Join the domain
again (recreating whatever machine accounts using the adduser script or
however you did it).  That might fix it...

Elliot.
</snip>

Any other suggestions?
----------------------------------
"Breaking stereotypes since 1977."
Nicholas Golder



-----Original Message-----
From: samba-ntdom-admin at lists.samba.org
[mailto:samba-ntdom-admin at lists.samba.org]On Behalf Of Nicholas Golder
Sent: Thursday, April 12, 2001 8:35 PM
To: samba-ntdom at lists.samba.org
Subject: W2K machine logon to a domain with Samba 2.2alpha3 PDC


I am using:
FreeBSD 4.2
Samba-2.2.0alpha3
Windows 2000 SP1

Problem:
I can't logon with a created account that exists on the Samba PDC with
Win2k.

I have installed Samba and configured it the way the PDC-HOWTO describes:
http://bioserve.latrobe.edu.au/samba/samba-pdc-howto.html
I have successfully joined the domain with the Win2k box.

When I try to logon using an account that is in both the /etc/passwd and
smbpasswd, I get an error message that the user account doesn't exist in the
domain [or some derivative of that].  When I try to add the users on the
Win2k box using the
account manager, I can see them in the domain and the users I have created
in smbpasswd but
can't add them.  I get the message:
The user could not be added because the following error has occurred:
The trust relationship between this workstation and the primary domain
failed.
How am I to:
a) establish a trust relationship between my workstation and the primary
domain?
-or-
b) make a config on the Win2k box so it doesn't require a trust
relationship?
Thanks in advance for you help,

----------------------------------
"Breaking stereotypes since 1977."
Nicholas Golder









More information about the samba-ntdom mailing list