Logging into Windows 2000/sp2 with Samba PDC

Geoffrey Dolman Geoffrey.Dolman at cimr.cam.ac.uk
Sun Dec 16 10:35:03 GMT 2001


I am having problems logging into a Windows 2000 client in a samba domain.

I have added a root account using smbpasswd -a, a machine account to
/etc/passwd with a $ appended to the end and home space and shell set to
/dev/null and /bin/false.
Then I added this machine to smbpasswd with smbpasswd -a -m machine_name.

Having done this I restarted samba and logged into windows. I changed from a
workgroup to the relevant domain and after about two minutes of egg-timer I
got a message welcome to the test4 domain - you must reboot for changes to
take effect etc.

After I rebooted I tried to log on to the domain using the root account I had
set up. I got an error message saying that the computer account did not exist
on the domain etc that other people have posted about.

At this point I figured that at no point had I told windows what password to
use when authenticating itself to the domain so I ran smbpasswd -n
machine_name$ to set the computer password to null and then allowed (against
better judgement) null passwords in smb.conf.

I rebooted windows and tried to login to the domain the same as before with
the result that I was told you cannot login to the test4 domain now because
it is not available. I checked with tcpdump and network connectivity is
*not* the problem.

If I log into the pc with a local account I can browse the domain in
net'hood and I can map a network drive passing over one of the usernames e.g.
root that I have set up.

I have tried this several different times using different domain names and
different client account names. All with the same result.

I have read through the faqs, how-tos etc and months' worth of list messages
but can't find an answer to this particular problem.

Can anyone help please?

Here is my smb.conf

	workgroup = TEST4
	server string = test4
	encrypt passwords = Yes
	update encrypted = Yes
	null passwords = Yes # I'd rather not have this
	username map = /map # /map says root = root. This does not appear to help/make any diff
	unix password sync = Yes
	log level = 3
	log file = /var/log/samba/log.%m
	large readwrite = Yes
	time server = Yes
	domain admin group = root @wheel
	add user script = /usr/sbin/adduser %m
	domain logons = Yes
	os level = 255
	preferred master = True
	domain master = True
	wins support = Yes
	admin users = root
	hosts allow = 192.168.0.

	username = %S
	read only = No
	only user = Yes

	path = /tmp/netlogon/
	read only = No

This is only a test machine so I'm not bothered about shares and printers
and stuff. I just want the pdc emulation to work so I know what to do on the
real server which is currently only supporting a workgroup.

Other details

Windows version: 2000 Professional sp2 (all recent patches installed)
Server: Red Hat 7.2 kernel 2.4.7-10
samba 2.2.2 (but I had the same problems with 2.2.1a supplied out of the can
with Red Hat - yes I did remove 2.2.1a before installing 2.2.2)

Many thanks

Geoff Dolman
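
A check for the state described in the message above (a machine account set to a null password with smbpasswd -n, plus null passwords enabled in smb.conf), as an added example that is not part of the original post. It audits smbpasswd, /etc/passwd and smb.conf text for machine trust accounts; the host names, hashes and file contents are constructed, and the field layout assumed is the colon-separated Samba 2.2 smbpasswd text format.

```python
# Constructed sample data (not from the original post); hashes are dummy values.
NOPW = "NO PASSWORD" + "X" * 21   # null-password marker stored in place of a hash
HASH = "0123456789ABCDEF0123456789ABCDEF"
SMBPASSWD = f"""\
root:0:{HASH}:{HASH}:[U          ]:LCT-3C1C7A00:
w2kbox$:501:{NOPW}:{NOPW}:[NW         ]:LCT-3C1C7A10:
labpc$:502:{HASH}:{HASH}:[W          ]:LCT-3C1C7A20:
"""
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
w2kbox$:x:501:501:machine:/dev/null:/bin/false
"""
SMB_CONF = "workgroup = TEST4\nnull passwords = Yes\ndomain logons = Yes\n"


def smb_conf_value(conf, key):
    """Return the value of `key` in smb.conf text, or None.
    Parameter names are compared ignoring case and embedded spaces."""
    want = key.replace(" ", "").lower()
    for line in conf.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        if name.replace(" ", "").lower() == want:
            return value.strip()
    return None


def audit(smbpasswd, passwd, conf):
    """List (subject, problem) pairs for machine accounts (names ending in $)."""
    findings = []
    unix_users = {l.split(":")[0] for l in passwd.splitlines() if l.strip()}
    for line in smbpasswd.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _uid, lm, _nt, flags = line.split(":")[:5]
        if not name.endswith("$"):
            continue
        flags = flags.strip("[] ")
        if name not in unix_users:
            findings.append((name, "no matching /etc/passwd entry"))
        if "W" not in flags:
            findings.append((name, "missing W (workstation trust) flag"))
        if "N" in flags or lm.startswith("NO PASSWORD"):
            findings.append((name, "null machine password"))
    value = smb_conf_value(conf, "null passwords")
    if value and value.lower() in ("yes", "true", "1"):
        findings.append(("smb.conf", "null passwords enabled"))
    return findings
```
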

More information about the samba-ntdom mailing list