[Samba] Samba PDC can't log into XP domain members

John Locke mail at freelock.com
Wed Mar 8 22:02:49 GMT 2006


I've been supporting small businesses with Samba for quite a while, but 
am just now venturing into Windows domains. I recently made a Samba 
server in a small office a PDC, and successfully joined 5 Windows XP/2K 
clients to the domain. Single-sign-on is working everywhere, and Samba 
shares work as expected.

However, I can't successfully log into the Windows XP clients from other 
computers on the network as anything other than guest. I get 
"NT_ACCESS_DENIED" errors when I try to access a shared printer on one 
computer. Another computer with a large hard drive acts as a backup 
storage location, which works with anonymous login, but I can't seem to 
log in with any domain credentials. So I can't secure it that well, and 
I can't access the Windows directory, where I'm trying to snarf the 
printer drivers ;-)

I'm trying to do this remotely, using SSH to the Samba PDC. Is there a 
way I can push the appropriate permissions out to the Windows XP 
workstations so that I can access their shares? I tried using the net 
rpc group commands, but can't seem to list any groups, and when I 
attempt to add a "Domain Admins" group it gives me 
NT_STATUS_ALIAS_EXISTS. When I try to use net rpc group addmem, I get this:
> Could not lookup up group member DODD\john
> Could not add DODD\john to Domain Admins: NT_STATUS_NONE_MAPPED
How do I add myself to the Domain Admins group, and is that sufficient 
to do what I'm trying to do?


John Locke
"Open Source Solutions for Small Business Problems"
published by Charles River Media, June 2004

