[Samba] Joining XP SP2 to a Samba PDC

Wed Aug 10 16:51:28 GMT 2005

Hello and Thanks in advance.

I have a CentOS 4.1 Server and i have samba Version 3.0.10-1.4E
I have 2 users on this server right now: Root, Dsanchez.

I have also issued this command to set up these 2 users on the Samba
Server as well.
smbpasswd -a root
smbpasswd -a dsanchez
and i set up the password to match the linux account.

Here is my SMB.conf file:

# Global parameters
[global]
        workgroup = ETNET
        server string = Samba PDC Server
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*UNIX*password* %n\n
*ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
        unix password sync = Yes
        log file = /var/log/samba/%m.log
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = /etc/printcap
        add user script = /usr/sbin/useradd -d /dev/null -g 100 -s
/bin/false -M %u
        add machine script = /usr/sbin/useradd -c Machine -d /dev/null
-s /bin/false machine_name$
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        idmap uid = 16777216-33554431
        idmap gid = 16777216-33554431
        hosts allow = 10.78., 127.
        cups options = raw

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[netlogon]
        comment = Network Logon Service
        path = /home/netlogon
        guest ok = Yes
        share modes = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

I have also made the following changes to the XP box.

Registry changes:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters\Requiresignorseal

Which i set to '0' from '1'

I have made sure the following in Local Security Policy is set:
I edited or checked the following entries:
"Domain member: Digitally encrypt or sign secure channel(Disabled)"
"Domain member: Disable machine account password changes(Disabled)."
"Domain member: Require strong (Windows 2000 or later) session key(Disabled)"

Then i go to the Systems Properties/computer name change/

I change from workgroup: workgroup to Domain:ETINET

Then i click the 'ok' button, and a login window pops up.

I then use the following usernames to 'Join'

root
admin
administrator
dsanchez
etinet\root
etinet\admin
etinet\administrator
etinet\dsanchez

I get the following error when i try to join as:
administrator
admin
etinet\admin
etinet\administrator

The following error occurred attempting to join the domain "ETINET":
Logon Failure: Unknown Username or bad password.

When i try using the following this is what i get:
root
etinet\root

The following error occurred attempting to join the domain "ETINET":
The username could not be found.

Then, if i try and use my account, whcih i added to the root group.
Dsanchez
etinet\Dsanchez

The following error occurred attempting to join the domain "ETINET":
Access is Denied.

Note, this is an XP SP2 Machine and i only have 1 user on this machine
(Dsanchez)

Also,

I did find that this script
add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false

has a group of 102

and the machine log file that was in /var/log/samba/<machinename>.log
had this error in it.

useradd: unknown group 102

however i do have this script in the smb.conf file.

add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u

So do i need both of these lines?
do i need to make a group with the Gid of 102?

Thanks.