[Samba] samba as PDC with w2k clients

Neil Muller neil at neologix.net
Wed May 22 04:00:03 GMT 2002 

The machine trust account has to be created for both linux and samba 
without a password or home directory and will have a null shell. Doing 
it manually as root use (note: dollar signs ($) are important - samba 
uses the $ sign to identify that it is a machine trust account)...

root# /usr/sbin/useradd -g 100 -d /dev/null -c "machine nickname" -s 
/bin/false machine_name$
root# passwd -l machine_name$
root# smbpasswd -a -m machine_name

Also make root a samba user and set your  "domain admin group = root". 
When you add the w2k machine to the samba domain use root and your samba 
root password as the user account to authorise joining the domain.

Instead of manually adding the machine trust account as above you should 
be able to have samba create them for you (more secure than manual 
version above) by adding the following to your smb.conf global section...

add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /dev/false -M %u


Neil


Sam Barasch wrote:

> Dear plugbert,
>
> try using this command
>
> smbpasswd -a -m machine1$
>
> Double check that the machine name has a $ at the end of it in 
> /etc/passwd.
>
> -Sam
>
>
>
> At 06:19 AM 5/21/2002 -0700, plug bert wrote:
>
>> Hello!
>>
>>    A good day to you all. i'm trying to set up
>> samba(2.2.3a, right out of the rh7.3 cds) as a PDC.
>> i've already read through the Samba-howto collection,
>> and am confident that i've put in all the necessary
>> samba options.
>>
>> /etc/samba/smb.conf:
>>
>> [global]
>> netbios name = pdc1
>> workgroup = testing
>> security = user
>> domain logon = yes
>> domain master = yes
>> local master = yes
>> domain admin group=@admins
>> encrypt passwords = yes
>> smb passwd file = /etc/samba/smbpasswd
>> unix password sync = yes
>> pam password change = yes
>> logon script = logon.bat
>>
>> [netlogon]
>> path = /home/netlogon
>> writable = no
>> write list = @admins
>>
>>     i have also created the necessary machine and user
>> accounts in /etc/passwd and /etc/samba/smbpasswd:
>>
>> useradd machine1$
>> smbpasswd -a -m machine1
>>
>>
>>    However, i keep getting this error in log.smbd
>> whenever i try to add my 2k pro client:
>>
>> rpc_server/src_samr.c: api_samr_set_userinfo(670)
>> api_samr_set_userinfo: Unable to unmarshall
>> SAMR_Q_SET_USERINFO
>>
>> passdb/pdb_smbpasswd.c: pdb_getsampwrid(1416)
>> unable to open passdb database
>>
>>    Any suggestions as to the cause of the problem?
>> Thanks in advance.
>>
>>
>>
>>
>>
>>
>>
>> __________________________________________________
>> Do You Yahoo!?
>> LAUNCH - Your Yahoo! Music Experience
>> http://launch.yahoo.com
>>
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
>
>

-- 
Neologix Pty Ltd
ABN     89 080 124 965
www:    http://www.neologix.net
email:  neil at neologix.net
mob:    0408 977 976
office: +61 2 6287 5900
fax:    +61 2 6287 6911

More information about the samba mailing list