W2K machine in Samba2.2alpha3 domain: SUCCESS!

Patrick Goetz pgoetz at math.utexas.edu
Fri Apr 13 23:12:13 GMT 2001

Thanks to everyone from the list who pointed out the section of the
PDC-HOWTO I had overlooked; i.e. that currently only root (added to
smbpasswd) can allow a machine to join a domain.  I added root to
smbpasswd, and had no problem signing my W2K SP1 machine onto the domain
and then logging in as myself.  

Here are a couple of comments regarding advice I received and stuff I read
in the HOWTO.  My goal was to get it working with the minimum amount of
configuration cruft.  To this end, I discovered that:

I did not have to mention root in the domain admins; in fact, I don't
even, as far as I know, have domain admins set up in the configuration
file.  All I did was add root to smbpasswd.

I did not add the machine name (i.e. trust account) to the smbpasswd
file.  All I did was add machine$ to /etc/passwd and the smbpasswd file
was updated automatically when the machine joined the domain.  The only
thing I put in the smbpasswd file are user names (including root) I added
using smbpasswd -a.

Because the samba PDC and the W2K workstation are on different subnets, I
did make the samba machine the WINS server on the W2K workstation.  I'm
not sure this would have been necessary had the machines been on the same

Here is my complete smb.conf:
    workgroup = UTMATH
    wins support = yes
    security = user
    status = no
    encrypt passwords = yes
  # PDC Stuff below
    os level = 65
    local master = yes
    preferred master = yes
    domain master = yes
    domain logons = yes

    comment = The domain logon services
    path = /opt/samba/var/logon
    public = no
    writeable = no
    browseable = no

    guest ok = no

Now for some questions.

When I logged myself on to the W2K machine, my home directory was
automatically mounted and the workstation tried to load a profiles.pds
file from it.  Why did it assume that I wanted to mount my UNIX home
directory and further load a stored profile from it?

One of the HOWTOs insisted that I need to set up a [netlogon] share,
presumably for the purpose of storing roaming profiles.  The preceding
seems to indicate that this is not even being used, or is this
directory only there for the purpose of storing logon scripts.  Can anyone
clarify what [netlogon] is supposed to be all about?

Last question.  I would like all the network printers to be set up on the
workstations automatically when either the machine joins the domain or the
user logs on.  Using Samba has a few words to say about this, but does
this feature actually work, and if so, is it documented any place?

More information about the samba-ntdom mailing list