samba - May 2002 - Can't join Samba PDC from Win2k

I am trying to make my Samba server act as a domain controller, but I
can't join the domain. When I go into Windows 2k and I right click the
computer, the properties button, and try to make it a part of the domain,
it asks me for a user account, and a password. I am not sure what user
account to type in here. What user account do I type in?

Below is my smb.conf file. I followed the howto from 

ftp://us6.samba.org/pub/samba/docs/htmldocs/Samba-PDC-HOWTO.html

and you can see where I put the adduser in my global configuration so
a machine is added automatically.

# from linux.local (127.0.0.2)
# Date: 2002/05/18 21:55:34

# Global parameters
[global]
	netbios name = DASERVER
	workgroup = CHEDDAR
	map to guest = Bad User
	socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
	character set = ISO8859-15

	os level = 64
	preferred master = yes
	domain master = yes
	local master = yes

	security = user

	encrypt passwords = Yes

	domain logons = yes

	logon path = \\%N\profiles\%u
	
	logon drive = H:
	logon home = "\\%N\%U"

	logon script = logon.cmd

	printing = lprng
	veto files = /*.eml/*.nws/riched20.dll/*.{*}/

	add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u 


[homes]
	comment = Home Directories
	read only = No
	create mask = 0640
	directory mask = 0750
	browseable = No

[printers]
	comment = All Printers
	path = /var/tmp
	create mask = 0600
	printable = Yes
	browseable = No

;DOMAIN SPECIFIC INFO
[netlogon]
	comment = NETLOGON service
	path = /home/netlogon
	read only = yes
	write list = ntadmin

[profiles]
	path = /home/profiles
	read only = no
	create mask = 0600
	directory mask = 0700
	


-- 
Brian Lavender
http://www.brie.com/brian/

On Sun, May 19, 2002 at 03:47:53PM -0700, Brian Lavender
wrote:
> I am trying to make my Samba server act as a domain controller, but I
> can't join the domain. When I go into Windows 2k and I right click the
> computer, the properties button, and try to make it a part of the domain,
> it asks me for a user account, and a password. I am not sure what user
> account to type in here. What user account do I type in?
Here's more info on the error I am getting when I try to join the
Domain. It asks me:

Enter the name and password of an account with permission to join
the domain
user: brian
password: <password>

"Click Ok"

It pauses for a few moments, and here is the error I get:

The following error occurred attempting to join the domain "cheddar"
The account used is a computer account. Use your global user account or
local user account to access this server.

I have a user account on the "cheddar" domain. What am I doing wrong?

brian
-- 
Brian Lavender
http://www.brie.com/brian/

I went through exactly the same thing over the weekend and after help from this
list I got it all working. What I had to do was add settings for domain admin
group and domain admin users to my smb.conf global section (both items were set
to root) and I also made root a samba user. If you have done all this and its
still not working make sure the machine trust account is being created correctly
(check smbpasswd and /etc/passwd for entries with your w2k machine name with a $
appended.

Neil





Quoting Brian Lavender <brian@brie.com>:
> I am trying to make my Samba server act as a domain controller, but I
> can't join the domain. When I go into Windows 2k and I right click the
> computer, the properties button, and try to make it a part of the
> domain,
> it asks me for a user account, and a password. I am not sure what user
> account to type in here. What user account do I type in?
> 
> Below is my smb.conf file. I followed the howto from 
> 
> ftp://us6.samba.org/pub/samba/docs/htmldocs/Samba-PDC-HOWTO.html
> 
> and you can see where I put the adduser in my global configuration so
> a machine is added automatically.
> 
> # from linux.local (127.0.0.2)
> # Date: 2002/05/18 21:55:34
> 
> # Global parameters
> [global]
> 	netbios name = DASERVER
> 	workgroup = CHEDDAR
> 	map to guest = Bad User
> 	socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
> 	character set = ISO8859-15
> 
> 	os level = 64
> 	preferred master = yes
> 	domain master = yes
> 	local master = yes
> 
> 	security = user
> 
> 	encrypt passwords = Yes
> 
> 	domain logons = yes
> 
> 	logon path = \\%N\profiles\%u
> 	
> 	logon drive = H:
> 	logon home = "\\%N\%U"
> 
> 	logon script = logon.cmd
> 
> 	printing = lprng
> 	veto files = /*.eml/*.nws/riched20.dll/*.{*}/
> 
> 	add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false
> -M %u 
> 
> 
> [homes]
> 	comment = Home Directories
> 	read only = No
> 	create mask = 0640
> 	directory mask = 0750
> 	browseable = No
> 
> [printers]
> 	comment = All Printers
> 	path = /var/tmp
> 	create mask = 0600
> 	printable = Yes
> 	browseable = No
> 
> ;DOMAIN SPECIFIC INFO
> [netlogon]
> 	comment = NETLOGON service
> 	path = /home/netlogon
> 	read only = yes
> 	write list = ntadmin
> 
> [profiles]
> 	path = /home/profiles
> 	read only = no
> 	create mask = 0600
> 	directory mask = 0700
> 	
> 
> 
> -- 
> Brian Lavender
> http://www.brie.com/brian/
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 


---
Neil Muller
Neologix Pty Ltd
http://www.neologix.net
PO Box 3183, Weston Creek, ACT, 2611, Australia
email: neil@neologix.net
voice: +61 2 62875900    fax:   +61 2 62875911   
mob:   +61 408 977 976