[Samba] Adding Domain users to local Win2k Groups

Matt Lung matt.lung at midwest-tool.com
Tue Jan 21 12:22:01 GMT 2003


I have a RH 7.1 box running samba-2.2.4-2 acting as a PDC to our LAN. 
For the most part all our clients are 95/98 and NT 4. 
The problem I am experiencing is that when I want to add a Domain User 
to a local group on a Win2k box it gives me the error:

"unable to lookup user names for display."

Now, I can add myself (the one logged in) to the group on the Win2k box, 
but any other user I try to add gets that error message.  My user is a 
super user that is automatically given admin rights on the machine and 
it seems  I should be able to add more users than just me to the group 
just like on NT 4.  If I slide over to an NT 4 box and try the same 
thing... adding a Domain user to the local Power Users group other than 
my user it works just fine.  I can add as many as I please.   On the 
Win2k box if I have the Domain user log in one time and logoff I can 
then log in to the Domain as my superuser and add them to the group.  It 
seems to like the fact that they have logged into the workstation before 
I can add them.  On a side note... I have upgraded to samba-2.2.7 on a 
clone of that server and still have the same problems.  I would think if 
its not a problem doing it with NT 4 then you should be able to do the 
same in 2K.  Of course, thats not the case right now with my setup.  My 
question to anyone who can help me... is this this normal for 2K at the 
present time?  Or is there something else wrong that I need to fix?

Smb.conf output:

# Global parameters
       workgroup = XXX
       netbios name =
       server string = Samba PDC Server v.2.2.4
       encrypt passwords = Yes
       update encrypted = Yes
       min passwd length = 6
       passwd chat = *New*password* %n\n *Retype*new*password* %n\n 
       username map = /etc/samba/smbusers
       password level = 4
       unix password sync = Yes
       log file = /var/log/samba/log
       max log size = 0
       socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
       domain admin group = @ntadm
       add user script = /usr/sbin/useradd -d /dev/null -g 100 -s 
/bin/false -M %u
       logon script = %U.bat
       logon drive = H:
       logon home = \\%N\%U\%u
       logon path =
       domain logons = Yes
       os level = 65
       preferred master = Yes
       domain master = Yes
       dns proxy = No
       wins support = Yes
       hide local users = Yes
       admin users = administrator
       printer admin = @ntadm

       comment = Home Directories
       read only = No
       browseable = No

       comment = Network Logon Service
       path = /home/netlogon
       invalid users = bin adm daemon lp sync shutdown halt mail news 
uucp operator games gopher ftp gdm postgres vacation named rebound
       guest ok = Yes
       browseable = No

More information about the samba mailing list