Samba 2.2.5 as Primary Domain Controller
Richard Fox
rfox at sbsii.com
Mon Oct 28 20:27:38 GMT 2002
Hi all,
I am running Samba 2.2.5 on a RedHat 7.3 system. I am attempting to
establish this computer (thor) as the PDC on our network. The first machine
I want to connect is an NT client, mercury. I followed instructions from
various web resources and have this as my smb.conf file:
[global]
workgroup = MYGROUP
netbios name = THOR
server string = Samba PDC %v %h
hosts allow = 192.168.1., 127.
max log size = 50
security = user
smb passwd file = /etc/samba/smbpasswd
encrypt passwords = Yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Please*retype*new*password* %n\n
*password*successfully*updated*
os level = 64
local master = yes
domain master = yes
preferred master = yes
domain logons = yes
logon home = \\%L\%u
logon drive = H:
logon script = netlogon.bat
logon path = \\%N\Profiles\%u
[homes]
comment = Home Directories
path = %H
writeable = Yes
valid users = %S
create mode = 0664
directory mode = 0775
[netlogon]
comment = Network Logon Services
path = /home/samba/netlogon
writeable = No
share modes = No
[Profiles]
path = /home/samba/profiles
browseable = No
I then created dirs for the netlogon and Profiles shares:
# groupadd -g 200 admins
# groupadd -g 201 machines
# mkdir -m 0775 /home/samba /home/samba/netlogon
# chown root.admins /home/samba/netlogon
# mkdir /home/samba/profiles
# chown 1757 /home/samba/profiles
Note that I do not have "on-the-fly" creation of machine trust accounts. I
created a trust account for my NT box, mercury:
# useradd -g machines -d /dev/null -s /bin/false mercury$
# passwd -l mercury$
# smbpasswd -a -m mercury
I gave mercury$ the same password as the Administrator user on mercury.
When I try to logon to the domain from mercury (on a separate network from
the current PDC, of course) I get an error msg on my NT box which says:
cannot connect to the domain controller for this domain. Have your
admin check your computer account on the domain
My log.smbd file says:
[2002/10/28 16:17:55, 0] smbd/reply.c:session_trust_account(497)
session_trust_account: Trust Account MERCURY$ - password failed
But I set the mercury$ password to be the Administrator password, and this
is the account I am logging in from! Also, I expected to be prompted for the
username/password to log in as. Multiple users can log in on the MERCURY
machine and I want them all to be in the domain. I am not sure how to
accomplish this.
I could use some help here. I am almost there, I know. Many thanks
Richard
More information about the smb-clients
mailing list