[Samba] Add workstation to Samba PDC

John H Terpstra jht at samba.org
Tue Dec 17 21:10:02 GMT 2002

On Tue, 17 Dec 2002, Kenneth Illingsworth wrote:

> I configured SAMBA as a stand alone PDC.

Not wishing to doubt that you belive this to be the case, but the smb.cofn
file below says "security = DOMAIN", which means that you have configured
it to be a member of a pre-existing NT Domain. ie: Your samba server is
NOT a domain controller - it is a domain member.

PS: A Stand-alone server is one option, but a domain controller that
stands alone makes no sense! Why have a domain controller that does no
domain control?

So I guess you really did mean: A domain member server!

IF what you really want is for Samba to be the domain controller then in
smb.conf [globals] you need:
	security = USER

also, delete:
	password server = *

And, do you really want to allow domain access if someone does NOt have a
valid password or account???? Wow!

> However, when I try to add a workstation via its system properties
> dialog, the workstation tells me that the account I specified does not
> have the right to add workstations to the new domain.

That is expected. Your samba server is configured as a domain member and
NOT as a Domain Controller - so it does not have the ability to add a
workstation to the domain.

> I created the account via SWAT Passwords, and it showed up in the
> smbpasswd file ok. There is a Linux account with the same name that has
> the same group memberships as the root account. But, I cannot see how to
> give it this specific right.  I would be grateful for any direction in
> this matter.

> Thank you in advance for your time.

Hope this helps.

- John T.

> ---------------------------------------------------------------------------------------------------------
> [global]
>         workgroup = COFRNY
>         netbios name = COFR3
>         server string = Samba %v  PDC on (%L).
>         interfaces =
>         security = DOMAIN
>         update encrypted = Yes
>         map to guest = Bad User
>         password server = *
>         smb passwd file = /usr/local/samba/private/smbpasswd
>         log file = /var/log/samba/%m.log
>         max log size = 0
>         load printers = No
>         domain admin group = @wheel
>         logon script = %U.bat
>         logon drive = H:
>         domain logons = Yes
>         os level = 64
>         preferred master = True
>         domain master = True
>         wins server =
>         remote announce =
>         admin users = @wheel
>         printer admin = @ntadmin
>         read only = No
>         printing = lprng
>         delete readonly = Yes
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

John H Terpstra
Email: jht at samba.org

More information about the samba mailing list