[Samba] Samba as a NT PDC

Thu Oct 17 16:00:01 GMT 2002

On Thu, 17 Oct 2002, Adam Lang wrote:

> CARTER is the name of the linux Samba server that is the PDC.
>
> According to my documentation, I am suppsoed to do the following.
>
> 1) Create the Unix account:
>  /usr/sbin/useradd -c 'Samba PDC for CHERRY_HILL' -M -s /dev/null CARTER$

You do NOT need to do this for the domain controller. You need to
configure the correct settings in your smb.conf file. Please check out
the new configuration Wizard in SWAT that is in Samba-2.2.6 (released
yesterday).

You can find samba-2.2.6 on the samba FTP sites.

To access SWAT point your web browser at http://lcoalhost:901, log in as
root.

PS: When you add your workstations suggest you use:
	useradd -s /bin/false -d /dev/null carter\$

Note: Windows machine name is lower case.

>
> 2) Add a machine account
> smbpasswd -a -m CARTER

You do not need to add a machine account for the server that samba is
running on as the domain controller. If the samba server is a domain
member then you do require a machine account. Again, keep the machine name
in lower case for:
	smbpasswd -a -m carter

>
> 3) Add it to the domain (which it is the PDC of)
> smbpasswd -j CHERRY_HILL

If your samba server is the domain controller then you do NOT need to
(should not do) this. You only need to do this for all machines that will
be domain members.
	smbpasswd -r "pdc_name" -j "domain_name"

>
> I am NOT adding an XP machine in at this time.  I am setting up the PDC.  So
> yes, I DO know what the -j option is for.

Hope this helps you.

- John T.

>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company
> http://www.rutgersinsurance.com
> ----- Original Message -----
> From: "John Benedetto" <jbenedet at unm.edu>
> To: "Adam Lang" <aalang at rutgersinsurance.com>
> Sent: Thursday, October 17, 2002 10:51 AM
> Subject: Re: [Samba] Samba as a NT PDC
>
>
> > --On Thursday, October 17, 2002 10:21 AM -0400 Adam Lang
> > <aalang at rutgersinsurance.com> wrote:
> >
> > > I have started to modify to allow for the new XP machines we are having.
> > >
> > > I added CARTER$ (machine name) to the unix account.
> > >
> > > I added it with smbpasswd.
> > >
> > > I go to add itself to the domain (smbpasswd -j CHERRY_HILL) and I get
> this
> > > error:
> > > No password server list given in smb.conf - unable to join domain.
> > >
> > > Now it says password server should not point to itself in TFM.  I tried
> > > lookign through the archives and didn't find anything.  I am not sure
> what
> > > direction to go from here.
> > >
> > > Adam Lang
> >
> > Uh.... *why* are you executing the -j option in smbpasswd? Here is the
> > first paragraph from that section of 'man smbpasswd':
> > "  -j DOMAIN
> >    This option is used to add a Samba server into a Windows NT Domain, as
> > a  Domain member capable of authenticating user accounts to any Domain
> > Controller in the same way as a Windows NT Server.  See  the
> > security=domain option in the smb.conf (5) man page."
> >
> > According to your message, you are not trying to add your Samba server to
> > an existing Windows domain, you are trying to add a Windows XP machine to
>
> > your existing Samba domain.
> >
> > And, when you say:
> > > I added it with smbpasswd.
> >
> > *HOW* did you add it?  You would need to add the machine account, right?
> > That would be with "smbpasswd -a -m CARTER". Is that how you did it?
> >
> > If so, at this point, you now go the XP machine, and change the network
> > config there to have it join your Samba domain.
> >
> > >From traffic on the list, it also appears that you would need to run the
> > SIGNORSEAL registry key/setting/whatever (I am not yet running XP that I
> > have had to add to my Samba domain).
> >
> > - john
>
>

-- 
John H Terpstra
Email: jht at samba.org