Adding NT Workstations to a SAMBA-controlled domain

Brent russell russell at physics.otago.ac.nz
Fri Jan 30 22:56:40 GMT 1998 

Hello everyone,

        Sorry to join the list and immediately post a query, but I've just
started using SAMBA this week on a machine that needs to be set up by the
end of this weekend, and I've been unable to make it do a fwe things I need
it to do with 1.9.18p2!

Before I get flamed, I have read all the docs, searched the digests etc.
That doesn't mean I necessarily understood it all, but there were a few
areas where I was unable to see exactly what to do.

Firstly, I have a linux box with two ethernet cards.  One on a net-provider
side, the other on a subnet 192.168.0.254/24.  On the subnet side there is
currently one windows NT box (don't worry, there will be more!).  My goal is
to have samba provide file-sharing for users of the NT boxes, domain
control, and WINS. The workgroup is called KAVANAGH, the server VATICAN, and
the NT box TEST.  The net provider side has dns entry "pope.blah.net".  I
have run into two seperate problems, one when TEST was a win 95 box, and the
other when it was NT.  Win95 first

With Win95 installed, everything worked grand from the client side.  I could
log into the domain, see my shares, access them etc etc etc...  However, two
things didn't work.  Firstly, if I selected wins, and pointed it at VATICAN
(samba) (192.168.0.254), then rebooted, wins was disconnected.  Looking at
the logs showed that wins started, and it connected to the subnet name
WINS_SERVER_SUBNET [debug=10 :) ] - first problem, shouldn't that be
broadcast address 192.168.0.255 (or does 0.0.0.0 map to both 192.168.0.255
and 192.168.0.254 to provide wins on all previously defined subnets?)

making subnet name:192.168.0.254 Broadcast address:192.168.0.255 Subnet
mask:255.255.255.0
making subnet name:UNICAST_SUBNET Broadcast address:192.168.0.254 Subnet
mask:192.168.0.254
making subnet name:REMOTE_BROADCAST_SUBNET Broadcast address:0.0.0.0 Subnet
mask:0.0.0.0
making subnet name:WINS_SERVER_SUBNET Broadcast address:0.0.0.0 Subnet
mask:0.0.0.0

Also, wins seemed to initialise fine - eg

add_name_to_subnet: Added netbios name VATICAN<00> with first IP
192.168.0.254 ttl=258921 nb_flags=46 to subnet WINS_SERVER_SUBNET
initialise_wins: add name: TEST#03 ttl = 222648 first IP 192.168.0.1 flags = 64
add_name_to_subnet: Added netbios name TEST<03> with first IP 192.168.0.1
ttl=222648 nb_flags=64 to subnet WINS_SERVER_SUBNET

perhaps related to this problem, on reading DIAGNOSE.txt, I tried all tests
in there, including "nmblookup -B test '*'" from the samba server.  Samba
was unable to locate the IP of test - that is unless it was explicitly
mentioned in /etc/hosts.  This is odd, considering samba was a wins server
and a local browse master, which the logs showed had registered the name
TEST.  Note that this fault was still evident even if I turned WINS off on
samba.

Windows NTWS 4.0

My first hurdle here is adding an NTWS4.0 machine to the domain.  Perhaps my
first hurdle is compiling samba with Encryption support.  Neither the manual
pages or docs seem to explicitly state how to do this.  what switch do I
add?  The flags I've added to Makefile are: FLAGS1 = -DSYSLOG -DNTDOMAIN
-DSMBGETPASS.  I had to take out -O for my linux (Slakware 3.4.0, 2.0.33) -
what else do I need to do?  

Ok, assuming I've compiled OK, I've created smbpasswd in
/usr/local/samba/private using mksmbpasswd.sh, and set a few passwords.
NTDOMAIN.txt says to..

3) [ for each workstation, add a line to smbpasswd with a username of MACHINE$
     and a password of "machine".  this process will be automated in further
     releases.  lkcl02nov97 - done, as of 1.9.18alpha11!  added new options
     "domain hosts allow/deny" too :-) ]

So I've tried to:

a) test::machine:
b) test::machine:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:
c) test::machine:machine:
d) adding user test, then "msbpasswd test machine" (Oh, I may have been
trying alpha14, which accepts the password on the command line - neat
automation feature that :)

Also, this process is said to be automated for alpha14 (which I also tried)
- how is it automated, and how does it work?

The error I get is:

NT Password did not match ! Defaulting to Lanman

I ssume this is because either I don't really have Passwd Encryption
working, or I don't know how to modify the smbpasswd file.  I still never
fixed the WINS server problem, or the browsing from samba to TEST though.
Could these be related?

My smb.conf is:

[global]
password level = 10
   workgroup = samba
   netbios name = vatican
   server string = Samba Server
   hosts allow = 192.168.0.
   domain sid = S-1-5-21-666-666-666-666
   load printers = no
  guest account = guest
   log file = /usr/local/samba/var/log.%m
   max log size = 50
   security = user
  encrypt passwords = yes
   interfaces = 192.168.0.254/255.255.255.0
   bind interfaces only = True
   local master = yes
   os level = 66
   domain master = yes
   preferred master = yes
   domain logons = yes



If you made it thus far, thanks for reading.  I desperately need this going
by yesterday, and have spent 4 days trying to get this going already -
fiddling everything!  Someone is probably going to tell be I need to add a
semicolon somewhere *grin*.  

I'm also only on the DIGEST at the moment, so it would be appreciated if the
kind soul solving all my worldly problems could CC: to
russell at physics.otago.ac.nz

Cheers all,

        Brent.
---------------------   
Physics Department,            
Otago University,
P.O. Box 56,             
Dunedin,    
New Zealand.  
+64 03 479-7801 work      
       453-4403 home    
---------------------

More information about the samba mailing list