[Samba] INFO Request: Samba PDC, Windows NT4 Style, Failure to Add Trusted Machine

Jason A. Nunnelley jason at jasonn.com
Fri Aug 1 16:16:46 GMT 2008


Here's my document reference point:
http://samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#machine-trust-accounts

I've had some moderate success setting up this Samba network.  But, it's 
failing at adding a Windows XP Pro machine to the trusted machine list, 
or it's disallowing it to log in.  This explanation is as complete as I 
can make it, so it will be long.

My config is at the bottom of the message.

Using:

FreeBSD 7 Stable
Samba 3.0.31_1,1

Windows XP Professional, SP3
Logging in as Administrator local
Trying to add to domain by adding it through System => Computer Name, etc.

Presently, I'm using (in smb.conf):

security = user

The goals are to set up a PDC Samba machine, acting as the PDC, with
local accounts for Samba, allowing a handful of Windows XP
Professional machines to log in via the domain and a domain user.

I'm not using LDAP, am running Samba 3 (which is apparently
syntactically different than 2.X in configs).

1) Added trusted machine according to documents.

2) Added user accounts, which log in fine remotely via the windows network
browser to view, upload, change files -- I can even map a device.  But, I
can't log in as a member of the domain from the Windows XP Pro machine.

3) Trying to add the trusted machine to the domain.  That doesn't work
from the Windows box.  It first tells me that the machine is not in the
list of machines on the domain, and then says the user cannot be found
when I key in the user/pass/domain details in the login box.

I've added the machine account to the pw file in BSD.

vipw reveals:

winbox$:*:101:100::0:0:Windows winbox:/dev/null:/sbin/nologin

I've added the group machines to the groups file.

/etc/groups reveals:

machines:*:100:

I've added the machine via command line to the Samba user db.

root# smbpasswd -a -m winbox

So, I figured I can just log into the Windows machine as local 
Administrator, go to Control Panel, System, Computer Name, Network ID 
and walk through the wizard to add the computer to the domain.

I get this error:

Windows can not find an account for your computer on the MYDOMAIN domain.


My config:

[global]
workgroup = WORKGROUP
server string = Samba Server
netbios name = SMBSERVER
security = user
hosts allow = 192.168.1. 192.168.2. 127. 10.10.10.
log file = /var/log/samba/log.%m
max log size = 50
passdb backend = tdbsam
local master = yes
os level = 65
domain master = yes
preferred master = yes
domain logons = yes
wins support = yes
hide unreadable = yes
hide dot files = yes
nt acl support = yes
inherit acls = yes
;    map acl inherit = yes
[homes]
    comment = Home Directories
    browseable = no
    writable = yes
[data]
comment = Data Drive
path = /home/sambashare
; force user = [some-username]
force group = sambadata
read only = No
guest ok = No


-- 


Jason A. Nunnelley
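
Added example, not part of the original message and not Samba project code: a small pre-join audit of the settings the post describes, checking the smb.conf and the machine's passwd entry against the PDC requirements in the Samba-3 HOWTO (user-level security, domain logons, a [netlogon] share, a Unix account named after the client with a trailing `$`). The function names are hypothetical, the sample input is constructed from values quoted in the post, and the domain and client names passed in are assumed from the error message and the passwd line.

```python
import re

# Constructed sample: abbreviated from the settings quoted in the post.
SAMPLE_CONF = """\
[global]
workgroup = WORKGROUP
security = user
domain master = yes
domain logons = yes
[homes]
    browseable = no
"""
SAMPLE_PASSWD = "winbox$:*:101:100::0:0:Windows winbox:/dev/null:/sbin/nologin"

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lower-cased, inner spaces collapsed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def check_pdc(conf, passwd_line, domain, client):
    """List settings that do not match what an NT4-style domain join expects."""
    g, findings = conf.get("global", {}), []
    for key, want in (("security", "user"), ("domain logons", "yes"), ("domain master", "yes")):
        got = g.get(key, "").lower()
        if {"true": "yes", "1": "yes"}.get(got, got) != want:
            findings.append(f"[global] {key} is not '{want}'")
    if g.get("workgroup", "").upper() != domain.upper():
        findings.append(f"workgroup {g.get('workgroup')!r} differs from client domain {domain!r}")
    if "netlogon" not in conf:
        findings.append("no [netlogon] share")
    fields = passwd_line.split(":")  # FreeBSD master.passwd entries have 10 fields
    if len(fields) != 10 or fields[0] != client.lower() + "$":
        findings.append(f"no machine account entry for {client}")
    return findings

if __name__ == "__main__":
    print(check_pdc(parse_smb_conf(SAMPLE_CONF), SAMPLE_PASSWD, "MYDOMAIN", "WINBOX"))
```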

