[Samba] samba domain controller + Windows 2000

Drew Boyles drew at engr.msstate.edu
Tue Dec 17 19:30:02 GMT 2002

I have a Linux machine running Samba 2.2.1a (dated, I know) as a domain controller for Windows clients (NT and 2000).  I can add NT machines to the domain just fine; I use useradd and smbpasswd to generate the appropriate entries, and it works fine.  I tried doing the same thing with a couple of 2000 (SP3) machines, and although I'm allowed to join the domain, after rebooting and trying to log in to the domain, I get this error:

"the system cannot log you on to the domain because the system's computer account in its primary domain is missing or the password on that account is incorrect"

The entries in the passwd files look like this (me4151 is the computer's name):

/etc/passwd:me4151$:x:5013:501:Machine Account:/dev/null:/bin/false
/etc/samba/smbpasswd:me4151$:5013:19BBAA8B3D38DCD6DEFDF3EBF955A1E3:D5B6485D4C87A37D5458069DDA4E126E:[W          ]:LCT-3DFF6C01:

I've also added this line to my smb.conf to allow the creation of the machine account when adding the computer to the domain on the Windows side:

add user script = /usr/sbin/useradd -d /dev/null -g 501 -c 'Machine Acco
unt' -s /bin/false -M %u

It seems to work (the passwd and smbpasswd entries are generated), but the result (error message when I try to log on) is the same.

I do find entries such as the one below in the me4151.log file:

[2002/12/17 12:10:03, 0] smbd/reply.c:reply_sesssetup_and_X(898)
  restrict anonymous is True and anonymous connection attempted. Denying 

After seeing that, I changed "restrict anonymous" to no, restarted the smb service, and it allowed me to log in.  Of course, I'd much prefer to leave that option on "yes".

That's all the relevent information I can think of.  Any help in solving this problem is appreciated.

Drew Boyles
drew at engr.msstate.edu 

More information about the samba mailing list