[Samba] PDC Problems (read this the first one is incomplete)

Buchan Milne bgmilne at cae.co.za
Thu Oct 31 15:45:03 GMT 2002

Hash: SHA1

> Message: 3
> From: "Michele Santucci" <tux at shiny.it>
> To: <samba at lists.samba.org>
> Date: Thu, 31 Oct 2002 10:25:34 +0100
> Subject: [Samba] PDC Problems (read this the first one is incomplete)
> Sorry but I've posted an incomplete message before that:
> I've got a big problem with my PDC (Mandrake 8.2 with samba 2.2.5):
> when I try to join the domain from a W2KPRO (sp3) workstation the
> goes on well until it require to create a local account for a Domain user
> ... the system let me browse all
> the user account on the domain controller but when I try to add it reports
> this error:

Sorry, I just want to clarify, does it fail when adding a computer
account in the domain?

> "The trust relationship between this workstation and the primary domain is
> failed" (probably the english text is different but this should be the
> meaning since
> I'm traslating it from italian).
> In the machine specific log file if found this:
> [2002/10/31 10:14:32, 0] smbd/password.c:authorise_login(863)
>   authorise_login: rejected invalid user guest
> [2002/10/31 10:14:32, 0] smbd/password.c:authorise_login(863)
>   authorise_login: rejected invalid user guest

When you were trying to do what?

> I already set the w2k workstations to send non encrypted password to third
> parties smb server.
> I checked /etc/passwd, group and /etc/samba/smbpasswd file and they're
> correcly updated with machine and user accounts.

You cannot join a windows 2000 machine to a domain if you have set it to
use clear text passwords, and you smb.conf is set for encrypted passwords.

> Anyway these are smb.conf, group,passwd and smbpasswd interested rows:

Which show that you have successfully added machines with the name video
and gfx to the domain.

FYI, if you have any pre-sp3 machines, please test with those first ...

And, with the default smb.conf (such as
http://ranger.dnsalias.com/mandrake/samba/smb.conf), you only have to
uncomment about 10 lines to get a working smb.conf for a domain
controller (such as this file
http://ranger.dnsalias.com/mandrake/samba/smb-domain-controller.conf) on
any recent version of Mandrake linux.

Can you be more clear on exactly which "procedure" you are using?

And to answer Mike Rambo's replies, when samba runs in 'security =
user', add user script is used when samba creates a new machine account.
Mandrake ships with the following example for a domain controller not
using LDAP backend:

# Script for domain controller for adding machines:
; add user script = /usr/sbin/useradd -d /dev/null -g machines -c
'Machine Account' -s /bin/false -M %u


(PDC runs Mandrake 8.2 / samba-2.2.6).
- --
|----------------Registered Linux User #182071-----------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list