[Samba] Creating domain users - how?

[Louis Nafziger]

Paul,

    I had similar problems, and this is a problem with the machine
account, not the user account.  The machine trust account should be
setup similar to the following, assuming a machine name of win2kname.

useradd -r -g trust -d /dev/null -s /dev/null win2kname$
smbpasswd -a -m win2kname

    Note that the $ is not required on the second command.

    This can also be caused if the win2k machine and the samba server
passwords are different on the machine trust account.  Note that you
should not normally change these, as when you join the domain, they will
be set automatically.  If this is the problem, you will need to leave
the domain on the win2k machine, and the delete the samba trust account
(i.e. smbpasswd -d -m win2kname).  Then re-create it (with smbpasswd -a
-m win2kname) and re-join the domain.  If all goes well, you should be
able to login!

Louis

> The problem is - how do I do it? It seems to be such an easy question
> but I've failed to find it in the documentation. (I'm trying to follow

> "How to Configure Samba 2.2 as a Primary Domain Controller" which I
was
> pointed to by SWAT.) I'm guessing the solution's obvious, but if so, I

> hope somebody can help easily.
>
> I've used samba for a few years (so I'm not a complete newbie), but
now
> I'm trying to use it as a PDC for the first time. It's a simple
network
> consisting of a Mandrake Linux 9.1 m/c acting as the DNS and PDC, and
a
> Win2K workstation. It's samba version 2.2.7. The samba configuration
> seems OK so far as SWAT is concerned and I've tried using a share
> successfully. The config includes the netlogon share as documented.
> I've successfully persuaded a Windoze m/c to join the domain.
> The Windoze m/c's name is in both /etc/passwd and
/etc/samba/smbpasswd.
> The dollar sign is at the end of the name in both cases.
> I've also added root in /etc/samba/smbpasswd.
> I've created a user (which I intend will be a domain user) in
> /etc/passwd and in /etc/samba/smbpassed.
>
> Now what? I don't know what to do next.
>
> What worries me is that there doesn't seem to be a way of telling the
> Windoze m/c what password you've entered for it on the PDC. Anyway...
>
> If I try to add the user in Win2K using "Control Panel/Users and
> Passwords/Add/Browse" and tell it to use the root user and password,
it
> successfully returns a list of users on the linux m/c, including the
> one I want to be a domain user. However, when I select my "domain"
user
> and proceed in the wizard I get the following error message:
> "The user could not be added because the following error has occurred:

> The trust relationship between this workstation and the primary domain

> failed."
>
> I've also tried ignoring the fact that I haven't told Windoze anything

> about this "domain" user. When I just try logging in as this user, it
> says:
> "The system cannot log you on to this domain because the system's
> computer account in its primary domain is missing or the password on
> that account is incorrect."
>
> I can post the smb.conf file if necessary.
>
> Thanks for any help...
>
> Paul
>
> =====
> L&K,Paul