samba - Dec 2002 - Add workstation to Samba PDC

I configured SAMBA as a stand alone PDC. However, when I try to add a
workstation via its system properties dialog, the workstation tells me that the
account I specified does not have the right to add workstations to the new
domain. I created the account via SWAT Passwords, and it showed up in the
smbpasswd file ok. There is a Linux account with the same name that has the same
group memberships as the root account. But, I cannot see how to give it this
specific right.  I would be grateful for any direction in this matter.

Thank you in advance for your time.

---------------------------------------------------------------------------------------------------------
[global]
        workgroup = COFRNY
        netbios name = COFR3
        server string = Samba %v  PDC on (%L).
        interfaces = 172.17.60.6/255.255.255.0
        security = DOMAIN
        update encrypted = Yes
        map to guest = Bad User
        password server = *
        smb passwd file = /usr/local/samba/private/smbpasswd
        log file = /var/log/samba/%m.log
        max log size = 0
        load printers = No
        domain admin group = @wheel
        logon script = %U.bat
        logon drive = H:
        domain logons = Yes
        os level = 64
        preferred master = True
        domain master = True
        wins server = 172.16.0.121
        remote announce = 172.16.0.255
        admin users = @wheel
        printer admin = @ntadmin
        read only = No
        printing = lprng
        delete readonly = Yes

On Tue, 17 Dec 2002, Kenneth Illingsworth wrote:
> I configured SAMBA as a stand alone PDC.
Not wishing to doubt that you belive this to be the case, but the smb.cofn
file below says "security = DOMAIN", which means that you have
configured
it to be a member of a pre-existing NT Domain. ie: Your samba server is
NOT a domain controller - it is a domain member.

PS: A Stand-alone server is one option, but a domain controller that
stands alone makes no sense! Why have a domain controller that does no
domain control?

So I guess you really did mean: A domain member server!

IF what you really want is for Samba to be the domain controller then in
smb.conf [globals] you need:
	security = USER

also, delete:
	password server = *

And, do you really want to allow domain access if someone does NOt have a
valid password or account???? Wow!
> However, when I try to add a workstation via its system properties
> dialog, the workstation tells me that the account I specified does not
> have the right to add workstations to the new domain.
That is expected. Your samba server is configured as a domain member and
NOT as a Domain Controller - so it does not have the ability to add a
workstation to the domain.
> I created the account via SWAT Passwords, and it showed up in the
> smbpasswd file ok. There is a Linux account with the same name that has
> the same group memberships as the root account. But, I cannot see how to
> give it this specific right.  I would be grateful for any direction in
> this matter.
> Thank you in advance for your time.
Hope this helps.

- John T.
>
>
---------------------------------------------------------------------------------------------------------
> [global]
>         workgroup = COFRNY
>         netbios name = COFR3
>         server string = Samba %v  PDC on (%L).
>         interfaces = 172.17.60.6/255.255.255.0
>         security = DOMAIN
>         update encrypted = Yes
>         map to guest = Bad User
>         password server = *
>         smb passwd file = /usr/local/samba/private/smbpasswd
>         log file = /var/log/samba/%m.log
>         max log size = 0
>         load printers = No
>         domain admin group = @wheel
>         logon script = %U.bat
>         logon drive = H:
>         domain logons = Yes
>         os level = 64
>         preferred master = True
>         domain master = True
>         wins server = 172.16.0.121
>         remote announce = 172.16.0.255
>         admin users = @wheel
>         printer admin = @ntadmin
>         read only = No
>         printing = lprng
>         delete readonly = Yes
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
John H Terpstra
Email: jht@samba.org