Success with win2k client and Samba 2.2.1a PDC

David Wilk admin at
Tue Sep 25 15:52:03 GMT 2001

Hey guys,

I've posted lot's of questions to lists in the past and have usually
wound up successfull (with linux it's usually a matter of figuring out
what *i'm* doing wrong) but haven't contributed back too much.

So, I posted here asking how the hell I could get Samba 2.2.1a to allow
win2k clients to join the domain it was PDC for.

So, if you follow the FAQ in the docs directory in the source for samba-
2.2.1a, it's mostly correct.  First, no matter what I put in 'domain admin group'
that user was not allowed to join the domain.  

win2k would say invalid username or password and the smbd log would say that
it didn't have priviledges to open smbpasswd (makes no sense to me either).

so, I added root to smbpasswd with (smbpasswd -a root) giving the same
passwd as what's in /etc/passwd.

This still didn't work.  Win2k complained of an incorrect network password
and the smbd log complained that it couldn't become the requested user. 
(this didn't make sense to me either.. starting to suspect some bugs...)

Now, the FAQ says you can add machine accounts manually *or* do it automatically.
well, as far as I'm concerned it will only work if you set it up to add them
automatically.  Here's what to add to smb.conf:

   add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u

Now, when trying to join the domain from a win2k (SP2) client as 'root' it
works.  It might take a while, but it works.  At least it did for me.

I hope this helps anyone struggling with this problem.  Feel free to email
me any questions ya got.

remember, anything is better than having to actually admin a winblows box. : )

have fun.

David Wilk
System Administrator
Community Internet Access, Inc. (It's history)
dwilk at

More information about the samba-ntdom mailing list