Samba 2.2.2. and Win 2000 Domains Problem

[MCCALL,DON (HP-USA,ex1)]

Hi Snoopy,
I've had problems like this in the past, and based on your 
log file, the indication is that the machine account password
between the samba machine and the win2k machine is out of sync.
Instead of depending on the smbpasswd command to CREATE the 
machine account on the w2k server, do the following instead:
1. stop samba
2. go onto the wk2 machine and get to the microsoft console 
plugin for users and computers, and RESET the machine account
for the samba machine.  Also make sure that the box that says
'allow pre-win2k machines to use this account' is checked.
THEN use
smbpasswd -j domain -r pdc-name

and see if this doesn't work for you.
Hope this helps,
Don

-----Original Message-----
From: Snoopy [mailto:snoopy at datadragons.de]
Sent: Thursday, January 10, 2002 5:14 AM
To: samba at lists.samba.org
Subject: Samba 2.2.2. and Win 2000 Domains Problem


Dear friends,

I have encountered a problem with Samba 2.2.2 (on Solaris 8, mandatory
patches installed). 

Samba works well with security=user on our SPARC called sunny but then I
try to get security=domain to work.

So I followed the instructions in the html files, notably create a machine
account for sunny using smbclient -j COMLAB -r roticos -U Administrator -
this prompted me for the Administrator passwd and it worked fine. The
secrets database was created, a SID file also appeared under
/usr/local/samba/private. Roticos is the PDC (Win 2000, SP2) for the COMLAB
domaiin.

Indeed the machine "sunny" i.e. our Solaris Sparc appeared in Win 2ks User
and Computer Manager. You can click it and it does open. However *none* of
the Samba shares are visible and when you try to connect from roticos to
sunny (logged into roticos as administrator) the first attempt does not
work (obvious, no administrator UNIX account on sunny), but then when I try
to connect as a different user (as the pop up opens) then I also get a
failure.

I have included the log files log.smnbd and log.roticos - the client in
this case as well as my smb.conf.

I think I might be doing something simple wrong. I am confused if I should
use winbindd - well at the moment my users do not mind having a passwd and
account on Solaris and are used to it from the older Samba and I honestlay
would prefer not messing around with PAM etc. on Solaris. 

I thought that security=domain would be a good compromise - I would not
have to mess around with PAM and the users would be able to easily access
samba because Samba could get at their credentials via the PDC - or do I
have the wrong picture here ?

I have the nagging feeling I am doing something wrong or am totally
confused - can anyone put me right ? This is my 50th Samba but I am used to
the older versions and this is quite new to me. 

Thank you very much.

Love
Snoopy