The problem is - how do I do it? It seems to be such an easy question but I've failed to find it in the documentation. (I'm trying to follow "How to Configure Samba 2.2 as a Primary Domain Controller" which I was pointed to by SWAT.) I'm guessing the solution's obvious, but if so, I hope somebody can help easily. I've used samba for a few years (so I'm not a complete newbie), but now I'm trying to use it as a PDC for the first time. It's a simple network consisting of a Mandrake Linux 9.1 m/c acting as the DNS and PDC, and a Win2K workstation. It's samba version 2.2.7. The samba configuration seems OK so far as SWAT is concerned and I've tried using a share successfully. The config includes the netlogon share as documented. I've successfully persuaded a Windoze m/c to join the domain. The Windoze m/c's name is in both /etc/passwd and /etc/samba/smbpasswd. The dollar sign is at the end of the name in both cases. I've also added root in /etc/samba/smbpasswd. I've created a user (which I intend will be a domain user) in /etc/passwd and in /etc/samba/smbpassed. Now what? I don't know what to do next. What worries me is that there doesn't seem to be a way of telling the Windoze m/c what password you've entered for it on the PDC. Anyway... If I try to add the user in Win2K using "Control Panel/Users and Passwords/Add/Browse" and tell it to use the root user and password, it successfully returns a list of users on the linux m/c, including the one I want to be a domain user. However, when I select my "domain" user and proceed in the wizard I get the following error message: "The user could not be added because the following error has occurred: The trust relationship between this workstation and the primary domain failed." I've also tried ignoring the fact that I haven't told Windoze anything about this "domain" user. When I just try logging in as this user, it says: "The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect." I can post the smb.conf file if necessary. Thanks for any help... Paul ====L&K,Paul ________________________________________________________________________ Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://uk.messenger.yahoo.com/
Paul,
I had similar problems, and this is a problem with the machine
account, not the user account. The machine trust account should be
setup similar to the following, assuming a machine name of win2kname.
useradd -r -g trust -d /dev/null -s /dev/null win2kname$
smbpasswd -a -m win2kname
Note that the $ is not required on the second command.
This can also be caused if the win2k machine and the samba server
passwords are different on the machine trust account. Note that you
should not normally change these, as when you join the domain, they will
be set automatically. If this is the problem, you will need to leave
the domain on the win2k machine, and the delete the samba trust account
(i.e. smbpasswd -d -m win2kname). Then re-create it (with smbpasswd -a
-m win2kname) and re-join the domain. If all goes well, you should be
able to login!
Louis
> The problem is - how do I do it? It seems to be such an easy question
> but I've failed to find it in the documentation. (I'm trying to
follow
> "How to Configure Samba 2.2 as a Primary Domain Controller" which
I
was> pointed to by SWAT.) I'm guessing the solution's obvious, but if
so, I
> hope somebody can help easily.
>
> I've used samba for a few years (so I'm not a complete newbie), but
now> I'm trying to use it as a PDC for the first time. It's a simple
network> consisting of a Mandrake Linux 9.1 m/c acting as the DNS and PDC, and
a> Win2K workstation. It's samba version 2.2.7. The samba configuration
> seems OK so far as SWAT is concerned and I've tried using a share
> successfully. The config includes the netlogon share as documented.
> I've successfully persuaded a Windoze m/c to join the domain.
> The Windoze m/c's name is in both /etc/passwd and
/etc/samba/smbpasswd.> The dollar sign is at the end of the name in both cases.
> I've also added root in /etc/samba/smbpasswd.
> I've created a user (which I intend will be a domain user) in
> /etc/passwd and in /etc/samba/smbpassed.
>
> Now what? I don't know what to do next.
>
> What worries me is that there doesn't seem to be a way of telling the
> Windoze m/c what password you've entered for it on the PDC. Anyway...
>
> If I try to add the user in Win2K using "Control Panel/Users and
> Passwords/Add/Browse" and tell it to use the root user and password,
it> successfully returns a list of users on the linux m/c, including the
> one I want to be a domain user. However, when I select my
"domain"
user> and proceed in the wizard I get the following error message:
> "The user could not be added because the following error has occurred:
> The trust relationship between this workstation and the primary domain
> failed."
>
> I've also tried ignoring the fact that I haven't told Windoze
anything
> about this "domain" user. When I just try logging in as this
user, it
> says:
> "The system cannot log you on to this domain because the system's
> computer account in its primary domain is missing or the password on
> that account is incorrect."
>
> I can post the smb.conf file if necessary.
>
> Thanks for any help...
>
> Paul
>
> ====> L&K,Paul
Paul, That is correct. There is no setup at all required *for the user* on the win2k machine. Once it is part of the domain, assuming that it is setup properly and can communicate with the domain server at login time (machine passwords are correct, etc.) then a user does not have to exist on the local machine in order to login. The error message that you are getting refers to the computer account, and not the user account as causing the problem, so it indicates a problem with the machine account. Please respond to my email address (and CC the list if you want) if you have further questions as I don't always have time to keep up with the mailing list. Louis louisn@aip-usa.com> Louis, > > Thanks for your response. > > I thought I'd done what you said, but armed with your experience I'll > get out of the domain, undo the server side changes and start again > being more careful this time. > > Sorry to seem dim, but can you just confirm that (once I've done the > rest properly) all I have to do to add a domain user to the domain is > to add it on the PDC as both a linux and an smb user? (i.e. nothing to > do from a Win2K client m/c) > > Paul> The problem is - how do I do it? It seems to be such an easy question > but I've failed to find it in the documentation. (I'm trying to follow> "How to Configure Samba 2.2 as a Primary Domain Controller" which Iwas> pointed to by SWAT.) I'm guessing the solution's obvious, but if so, I> hope somebody can help easily. > > I've used samba for a few years (so I'm not a complete newbie), butnow> I'm trying to use it as a PDC for the first time. It's a simplenetwork> consisting of a Mandrake Linux 9.1 m/c acting as the DNS and PDC, anda> Win2K workstation. It's samba version 2.2.7. The samba configuration > seems OK so far as SWAT is concerned and I've tried using a share > successfully. The config includes the netlogon share as documented. > I've successfully persuaded a Windoze m/c to join the domain. > The Windoze m/c's name is in both /etc/passwd and/etc/samba/smbpasswd.> The dollar sign is at the end of the name in both cases. > I've also added root in /etc/samba/smbpasswd. > I've created a user (which I intend will be a domain user) in > /etc/passwd and in /etc/samba/smbpassed. > > Now what? I don't know what to do next. > > What worries me is that there doesn't seem to be a way of telling the > Windoze m/c what password you've entered for it on the PDC. Anyway... > > If I try to add the user in Win2K using "Control Panel/Users and > Passwords/Add/Browse" and tell it to use the root user and password,it> successfully returns a list of users on the linux m/c, including the > one I want to be a domain user. However, when I select my "domain"user> and proceed in the wizard I get the following error message: > "The user could not be added because the following error has occurred:> The trust relationship between this workstation and the primary domain> failed." > > I've also tried ignoring the fact that I haven't told Windoze anything> about this "domain" user. When I just try logging in as this user, it > says: > "The system cannot log you on to this domain because the system's > computer account in its primary domain is missing or the password on > that account is incorrect." > > I can post the smb.conf file if necessary. > > Thanks for any help... > > Paul > > ====> L&K,Paul