Kenneth Illingsworth illingsk at cityofrochester.gov
Mon Dec 23 17:31:00 GMT 2002

I followed the procedure to configure SAMBA as a PDC as outlined in samba/swat.cgi/swat/using_samba/ch06_05.html on my Linux server. My domain name is COFRNY, and I expected a COFRNY.SID to be generated. However, MACHINE.SID was generated instead. Furthermore, I cannot see the COFRNY domain listed within MS Networks on my XP workstation. Any ideas on what I did wrong?

Here is the procedure in detail:

workgroup = COFRNY
domain logons = yes
security = user
os level = 34
local master = yes
preferred master = yes
domain master = yes

For Windows NT clients you must also ensure that Samba is using encrypted passwords:

encrypted passwords = yes

Furthermore, also exclusively for Windows NT clients, create Trust accounts which allow a machine to log in to the PDC itself. Create a "dummy" account in the /etc/passwd file with the following entry:

city-f5pfa29xta$:*:1000:900:Trust Account:/dev/null:/dev/null

Note that we have also disabled the password field by placing a * in it. This is because Samba will use the smbpasswd file to contain the password instead, and we don't want anyone to telnet into the machine using that account. Additionally, '1000' is the UID of the account for the encrypted password database. 

Next, add the encrypted password using the smbpasswd command, as follows: 

# smbpasswd -a -m city-f5pfa29xta
Added user city-f5pfa29xta$
Password changed for user city-f5pfa29xta$

The -m option specifies that a machine trust account is being generated. The smbpasswd program will automatically set the initial encrypted password as the NetBIOS name of the machine in lowercase letters. When specifying this option on the command line, do not put a dollar sign after the machine name - it will be appended automatically. Once the encrypted password has been added, Samba is ready to handle domain logins from a NT client.
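
Added example (not part of the original post or of the Samba documentation it quotes): a shell check that machine trust accounts in a passwd-format file keep the two properties the procedure above relies on, a locked password field and a non-login shell. The host names ws-example1$ and ws-example2$, the list of accepted shells, and the finding labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit machine trust accounts (names ending in "$") in a
# passwd-format file. Finding labels and accepted shells are assumptions.
audit_trust_accounts() {
    awk -F: '
        $1 !~ /\$$/ { next }                 # skip ordinary user accounts
        NF != 7     { print "MALFORMED " $1; bad++; next }
        {
            pw = $2; shell = $7
            if (pw == "x")                   # hash lives in /etc/shadow
                print "CHECK_SHADOW " $1
            else if (pw != "*" && pw !~ /^!/) {
                print "PASSWORD_NOT_LOCKED " $1; bad++
            }
            if (shell != "/dev/null" && shell != "/bin/false" && shell !~ /nologin$/) {
                print "LOGIN_SHELL " $1 " " shell; bad++
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: first trust entry is the one from the post, rest invented.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
city-f5pfa29xta$:*:1000:900:Trust Account:/dev/null:/dev/null
ws-example1$::1001:900:Trust Account:/dev/null:/bin/bash
ws-example2$:x:1002:900:Trust Account:/dev/null:/sbin/nologin
EOF
audit_trust_accounts "$sample" || echo "trust account findings present"
rm -f "$sample"
```

The function exits non-zero when any trust account has an unlocked password field or a login shell; CHECK_SHADOW lines are informational and mean the lock state has to be read from /etc/shadow instead.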
