[Samba] SAMBA PDC

John H Terpstra jht at samba.org
Mon Dec 23 17:49:00 GMT 2002 

Kenneth,

You did not mention the samba version. Suspect you are using 2.2.x.
Did you apply the WinXP_SignOrSeal.reg registry update?
You will need to as XP defaults to this and samba-2.2.x does not support
it yet.

- John T.


On Mon, 23 Dec 2002, Kenneth Illingsworth wrote:

> I followed the procedure to configure SAMBA as a PDC as outlined in samba/swat.cgi/swat/using_samba/ch06_05.html on my Linux server. My domain name is COFRNY, and I expected a COFRNY.SID to be generated. However,   MACHINE.SID was generated instead. Furthermore, I cannot see the COFRNY domain listed within MS Networks on my XP workstation. Any ideas on what I did wrong?
>
> Here is the procedure in detail:
>
> [global]
> workgroup = COFRNY
> domain logons = yes
> security = user
> os level = 34
> local master = yes
> preferred master = yes
> domain master = yes
>
> ------------------------------------------------
> For Windows NT clients you must also ensure that Samba is using encrypted passwords:
>
> encrypted passwords = yes
>
> Furthermore, also exclusively for Windows NT clients, create Trust accounts which allow a machine to log in to the PDC itself. Create a "dummy" account in the /etc/passwd file with the following entry:
>
> city-f5pfa29xta$:*:1000:900:Trust Account:/dev/null:/dev/null
>
> Note that we have also disabled the password field by placing a * in it. This is because Samba will use the smbpasswd file to contain the password instead, and we don't want anyone to telnet into the machine using that account. Additionally, '1000' is the UID of the account for the encrypted password database.
>
> Next, add the encrypted password using the smbpasswd command, as follows:
>
> # smbpasswd -a -m city-f5pfa29xta
> Added user city-f5pfa29xta$
> Password changed for user city-f5pfa29xta$
>
> The -m option specifies that a machine trust account is being generated. The smbpasswd program will automatically set the initial encrypted password as the NetBIOS name of the machine in lowercase letters. When specifying this option on the command line, do not put a dollar sign after the machine name - it will be appended automatically. Once the encrypted password has been added, Samba is ready to handle domain logins from a NT client.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list