Jonathan Johnson jon at sutinen.com
Tue Apr 12 06:19:02 GMT 2005

I'm guessing this happened:

You are using passdb backend = tdbsam.

You converted from one security mode (standalone) to another (domain 
controller) AFTER creating those users. The users that were created 
before the Samba server was configured as a domain controller exhibited 
the problem, and the ones created after did not. When you'd log in as a 
pre-domain-configuration user, you'd see the PDC listed as an empty 
domain in My Network Places. In addition, you probably had some strange 
authentication errors.

Had you done a 'pdbedit -L -v' you would have seen that some users' 
"logon domain" was the PDC; others had the domain SOC listed. You might 
have noticed that the ones listing the PDC were pre-domain users, the 
ones listing SOC were created post-domain configuration.

You see, this bit me once. :-)  I eventually figured out what happened, 
but didn't know an easy way to fix it, so ended up recreating the users 
(and also restoring their SIDs, because I didn't want to screw up their 
local profiles -- wasn't using roaming profiles). Shortly thereafter, I 
took a course from the venerable John H. Terpstra, who pointed out that 
I could have simply converted my passdb temporarily from tdbsam to 
smbpasswd and back again, and this would have fixed it all very quickly 
while maintaining the SIDs. Of course, had I any policy settings in 
place, these would have needed to be recreated, but that would be easier 
than recreating SIDs.

I'm happy that you were able to fix it, yet thought you (and the rest of 
the Samba community) might like to hear of my experience and 
understanding of the problem so that it can be avoided in the future.

~Jonathan Johnson
Sutinen Consulting, Inc.

Charles McLaughlin wrote:

> I noticed that this didn't affect all users, so I deleted the users 
> and added them again using smbpasswd and that fixed this problem.
> Charles
> Charles McLaughlin wrote:
>> Hello,
>> My Samba server acting as a PDC shows up as an empty domain on my 
>> Windows clients under "My Network Places".
>> My PDC is called "PDC" and my domain is called "SOC".  I see PDC and 
>> SOC in "My Network Places".
>> Another strange problem is when I use the Windows Server Manager tool 
>> from servtools.exe, it says "Cannot find the Primary DC for PDC".  
>> Why is it looking for the PDC and not the Domain?
>> My settings are below in case that helps.
>> Thanks,
>> Charles
>> ---------------
>> # Global parameters
>> [global]
>>         workgroup = SOC
>>         passdb backend = tdbsam
>>         passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n 
>> *Password*changed*
>>         username map = /etc/samba/smbusers
>>         log level = 2
>>         log file = /var/log/samba/%m
>>         max log size = 50
>>         name resolve order = wins bcast hosts
>>         time server = Yes
>>         add user script = /usr/sbin/useradd -m '%u'
>>         delete user script = /usr/sbin/userdel -r '%u'
>>         add group script = /usr/sbin/groupadd '%g'
>>         delete group script = /usr/sbin/groupdel '%g'
>>         add user to group script = /usr/sbin/usermod -G '%g' '%u'
>>         add machine script = /usr/sbin/useradd -s /bin/false -d 
>> /var/lib/nobody '%u'
>>         logon path =
>>         logon home =
>>         domain logons = Yes
>>         preferred master = Yes
>>         wins support = Yes
>> [homes]
>>         comment = Home Directories
>>         valid users = %S
>>         read only = No
>>         browseable = No
>> [netlogon]
>>         comment = Network Logon Service
>>         path = /home/samba/netlogon
>>         guest ok = Yes
>>         locking = No
>> [profiles]
>>         comment = Profile Share
>>         path = /home/samba/profiles
>>         read only = No
>>         profile acls = Yes

