[Samba] machine account with w2k

Heinz Allerberger allerberger at em.uni-frankfurt.de
Wed Sep 8 11:06:49 GMT 2004 

Dear Samba Friends,

I've a problem to join with Windows2000-Clients a Samba-PDC.
When I join the samba-pdc with a WinNT4.0-Client it is no problem, first 
I create a machine-account for the machine:
1. in /etc/group exists the group: machines:x:515:
2. useradd -g machines -d /dev/null -c nickname -s /bin/false neuch205$
3. pdbedit -a -m -u neuch205

In this way, it isn't a problem to join the PDC with WinNT4.0-Clients, 
only that I log in as Administrator into the Windows-machine and give in 
the domainname an,
then the client answers, without password-asking, I should reboot and 
the client joined successfully.

When I try to do the same, I get an asking for an password. Ok, for that 
I created the user "domadmin" on the Samba as a member of the "Domain 
Adminstrators", but this user is not accepted from the W2K-Client. I can 
not understand why not. Normally it should going on.

Please have a look of my documentation about this:

-- 
Heinz Allerberger
Systemadministrator
Zentrum Neurologie
Universitätsklinikum
Frankfurt am Main
Tel: 069/6301-4274
Fax: 069/6301-6842
Piepser 18-0455

-------------- next part --------------
# Samba config file
# allerberger at em.uni-frankfurt.de
# Date: 2004/09/03

# Global parameters
[global]
	unix charset = ISO8859-1
	workgroup = NEUROCH
	server string = %h server (Samba %v)
	
	preferred master = Yes
	domain master = Yes
	local master = yes
	os level = 33	# entspricht NT Server
	
	dns proxy = No
	ldap ssl = no

	security = user
	encrypt passwords = yes
	update encrypted = Yes
	obey pam restrictions = Yes
	passdb backend = tdbsam, guest
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
	
	invalid users = root
	
	domain logons = Yes
	logon path = \\%N\profiles\%U
	logon drive = H:
	logon home = \\neuch240\%U\.winprofile
	logon script = logon.cmd

	add machine script = /usr/sbin/useradd -g machines -d /dev/null -s /bin/false -M %u
	add user script = /usr/sbin/useradd "%u"
	delete user script = /usr/sbin/userdel "%u"
	add group script = /usr/local/bin/smbgrpadd.sh "%g"
	delete group script = /usr/sbin/groupdel "%g"
	add user to group script = /usr/bin/gpasswd -a "%u" "%g"
	delete user from group script = /usr/bin/gpasswd -d "%u" "%g"
	set primary group script = /usr/sbin/usermod -g "%g" "%u"

	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000

	panic action = /usr/share/samba/panic-action %d

[netlogon]
	path = /var/lib/samba/netlogon
	read only = yes
	browseable = no

[profiles]
	path = /var/lib/samba/profiles
	read only = no
	create mask = 0600
	directory mask = 0700
	browseable = No

[homes]
	comment = Home Directories
	read only = No
	create mask = 0755
	browseable = No

[shared]
	comment = shared Directory
	path = /home/shared
	read only = No
	create mask = 0777
	browseable = no

[printers]
	comment = All Printers
	path = /tmp
	create mask = 0700
	printable = Yes
	browseable = No

[print$]
	comment = Printer Drivers
	path = /var/lib/samba/printers
-------------- next part --------------
Unix username:        neuch205$
NT username:
Account Flags:        [W          ]
User SID:             S-1-5-21-1656000120-2433418590-619812953-4006
Primary Group SID:    S-1-5-21-1656000120-2433418590-619812953-515
Full Name:            neuch205$
Home Directory:       \\neuch240\neuch205_\.winprofile
HomeDir Drive:        H:
Logon Script:         logon.cmd
Profile Path:         \\neuch240\profiles\neuch205_
Domain:               NEUROCH
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Fri, 13 Dec 1901 21:45:51 GMT
Kickoff time:         Fri, 13 Dec 1901 21:45:51 GMT
Password last set:    Wed, 08 Sep 2004 10:26:17 GMT
Password can change:  Wed, 08 Sep 2004 10:26:17 GMT
Password must change: Fri, 13 Dec 1901 21:45:51 GMT
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

-------------- next part --------------
Unix username:        domadmin
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-1656000120-2433418590-619812953-2000
Primary Group SID:    S-1-5-21-1656000120-2433418590-619812953-512
Full Name:
Home Directory:       \\neuch240\domadmin\.winprofile
HomeDir Drive:        H:
Logon Script:         logon.cmd
Profile Path:         \\neuch240\profiles\domadmin
Domain:               NEUROCH
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Fri, 13 Dec 1901 21:45:51 GMT
Kickoff time:         Fri, 13 Dec 1901 21:45:51 GMT
Password last set:    Fri, 03 Sep 2004 11:18:37 GMT
Password can change:  Fri, 03 Sep 2004 11:18:37 GMT
Password must change: Fri, 13 Dec 1901 21:45:51 GMT
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

More information about the samba mailing list