Samba 2.2.5 as Primary Domain Controller

[Richard Fox]

Hi all,

I am running Samba 2.2.5 on a RedHat 7.3 system. I am attempting to
establish this computer (thor) as the PDC on our network. The first machine
I want to connect is an NT client, mercury. I followed instructions from
various web resources and have this as my smb.conf file:

[global]
        workgroup = MYGROUP
        netbios name = THOR
        server string = Samba PDC %v %h
        hosts allow = 192.168.1., 127.
        max log size = 50
        security = user
        smb passwd file = /etc/samba/smbpasswd
        encrypt passwords = Yes
        unix password sync = yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*password* %n\n *Please*retype*new*password* %n\n
*password*successfully*updated*
        os level = 64
        local master = yes
        domain master = yes
        preferred master = yes
        domain logons = yes
        logon home = \\%L\%u
        logon drive = H:
        logon script = netlogon.bat
        logon path = \\%N\Profiles\%u
[homes]
        comment = Home Directories
        path = %H
        writeable = Yes
        valid users = %S
        create mode = 0664
        directory mode = 0775
[netlogon]
        comment = Network Logon Services
        path = /home/samba/netlogon
        writeable = No
        share modes = No
[Profiles]
        path = /home/samba/profiles
        browseable = No

I then created dirs for the netlogon and Profiles shares:

# groupadd -g 200 admins
# groupadd -g 201 machines
# mkdir -m 0775 /home/samba /home/samba/netlogon
# chown root.admins /home/samba/netlogon
# mkdir /home/samba/profiles
# chown 1757 /home/samba/profiles

Note that I do not have "on-the-fly" creation of machine trust accounts. I
created a trust account for my NT box, mercury:

# useradd -g machines -d /dev/null -s /bin/false mercury$
# passwd -l mercury$
# smbpasswd -a -m mercury

I gave mercury$ the same password as the Administrator user on mercury.

When I try to logon to the domain from mercury (on a separate network from
the current PDC, of course) I get an error msg on my NT box which says:
       cannot connect to the domain controller for this domain. Have your
admin check your computer account on the domain

My log.smbd file says:

[2002/10/28 16:17:55, 0] smbd/reply.c:session_trust_account(497)
  session_trust_account: Trust Account MERCURY$ - password failed

But I set the mercury$ password to be the Administrator password, and this
is the account I am logging in from! Also, I expected to be prompted for the
username/password to log in as. Multiple users can log in on the MERCURY
machine and I want them all to be in the domain. I am not sure how to
accomplish this.

I could use some help here. I am almost there, I know. Many thanks

Richard