[Samba] Creating domain users - how?

Louis Nafziger louisn at aip-usa.com
Wed Jul 16 12:20:48 GMT 2003


	That is correct.  There is no setup at all required *for the user* on
the win2k machine.  Once it is part of the domain, assuming that it is
setup properly and can communicate with the domain server at login time
(machine passwords are correct, etc.) then a user does not have to exist
on the local machine in order to login.

	The error message that you are getting refers to the computer account,
and not the user account as causing the problem, so it indicates a
problem with the machine account.

	Please respond to my email address (and CC the list if you want) if you
have further questions as I don't always have time to keep up with the
mailing list.

louisn at aip-usa.com

> Louis,
> Thanks for your response.
> I thought I'd done what you said, but armed with your experience I'll
> get out of the domain, undo the server side changes and start again
> being more careful this time.
> Sorry to seem dim, but can you just confirm that (once I've done the
> rest properly) all I have to do to add a domain user to the domain is
> to add it on the PDC as both a linux and an smb user? (i.e. nothing to
> do from a Win2K client m/c)
> Paul

> The problem is - how do I do it? It seems to be such an easy question
> but I've failed to find it in the documentation. (I'm trying to follow

> "How to Configure Samba 2.2 as a Primary Domain Controller" which I
> pointed to by SWAT.) I'm guessing the solution's obvious, but if so, I

> hope somebody can help easily.
> I've used samba for a few years (so I'm not a complete newbie), but
> I'm trying to use it as a PDC for the first time. It's a simple
> consisting of a Mandrake Linux 9.1 m/c acting as the DNS and PDC, and
> Win2K workstation. It's samba version 2.2.7. The samba configuration
> seems OK so far as SWAT is concerned and I've tried using a share
> successfully. The config includes the netlogon share as documented.
> I've successfully persuaded a Windoze m/c to join the domain.
> The Windoze m/c's name is in both /etc/passwd and
> The dollar sign is at the end of the name in both cases.
> I've also added root in /etc/samba/smbpasswd.
> I've created a user (which I intend will be a domain user) in
> /etc/passwd and in /etc/samba/smbpassed.
> Now what? I don't know what to do next.
> What worries me is that there doesn't seem to be a way of telling the
> Windoze m/c what password you've entered for it on the PDC. Anyway...
> If I try to add the user in Win2K using "Control Panel/Users and
> Passwords/Add/Browse" and tell it to use the root user and password,
> successfully returns a list of users on the linux m/c, including the
> one I want to be a domain user. However, when I select my "domain"
> and proceed in the wizard I get the following error message:
> "The user could not be added because the following error has occurred:

> The trust relationship between this workstation and the primary domain

> failed."
> I've also tried ignoring the fact that I haven't told Windoze anything

> about this "domain" user. When I just try logging in as this user, it
> says:
> "The system cannot log you on to this domain because the system's
> computer account in its primary domain is missing or the password on
> that account is incorrect."
> I can post the smb.conf file if necessary.
> Thanks for any help...
> Paul
> =====
> L&K,Paul

More information about the samba mailing list