samba - Aug 2008 - INFO Request: Samba PDC, Windows NT4 Style, Failure to Add Trusted Machine

Here's my document reference point:
http://samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#machine-trust-accounts

I've had some moderate success setting up this Samba network.  But, it's
failing at adding a Windows XP Pro machine to the trusted machine list, 
or it's disallowing it to log in.  This explanation is as complete as I 
can make it, so it will be long.

My config is at the bottom of the message

Using:

FreeBSD 7 Stable
Samba 3.0.31_1,1

Windows XP Professional, SP3
Logging in as Administrator local
Trying to add to domain by adding it through System => Computer Name, etc.

Presently, I'm using (in smb.conf):

security = user

The goals are to set up a PDC Samba machine, acting as the PDC, with
local accounts for Samba, allowing a hand full of Windows XP
Professional machines to log in via the domain and a domain user.

I'm not using LDAP, am running Samba 3 (which is apparently
syntactically different than 2.X in configs).

1) Added trusted machine according to documents.

2) Added user accounts, which log in fine remotely via the windows network
browser to view, upload, change files -- I can even map a device.  But, I
can't log in as a member of the domain from the Windows XP Pro machine.

3) Trying to add the trusted machine to the domain.  That doesn't work
from the Windows box.  It first tells me that the machine is not in the
list of machines on the domain, and then says the user cannot be found
when I key in the user/pass/domain details in the login box.

I've added the machine account to the pw file in BSD.

vipw reveals:

winbox$:*:101:100::0:0:Windows winbox:/dev/null:/sbin/nologin

I've added the group machines to the groups file.

/etc/groups reveals:

machines:*:100:

I've added the machine via command line to the Samba user db.

root# smbpasswd -a -m winbox

So, I figured I can just log into the Windows machine as local 
Administrator, go to Control Panel, System, Computer Name, Network ID 
and walk through the wizard to add the computer to the domain.

I get this error:

Windows can not find an account for your computer on the MYDOMAIN domain.


My config:

[global]
workgroup = WORKGROUP
server string = Samba Server
netbios name = SMBSERVER
security = user
hosts allow = 192.168.1. 192.168.2. 127. 10.10.10.
log file = /var/log/samba/log.%m
max log size = 50
passdb backend = tdbsam
local master = yes
os level = 65
domain master = yes
preferred master = yes
domain logons = yes
wins support = yes
hide unreadable = yes
hide dot files = yes
nt acl support = yes
inherit acls = yes
;    map acl inherit = yes
[homes]
    comment = Home Directories
    browseable = no
    writable = yes
[data]
comment = Data Drive
path = /home/sambashare
; force user = [some-username]
force group = sambadata
read only = No
guest ok = No


-- 


Jason A. Nunnelley

My self-reply is meant to clarify:

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ClientConfig.html#id2570436

When I'm adding my computer to the domain, I end up with an error 
directly after Step 6.  I never get to the place where it asks for a 
username and password.


-- 


Jason A. Nunnelley
JasonN.com is my website - all opinions expressed were mine at some point.

is the windows xp comptuer named winbox in my computer properties, 
computer name?  is the WINS SERVER ip address set to the IP of your 
samba server?

Jason A. Nunnelley wrote:
> Here's my document reference point:
>
http://samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#machine-trust-accounts
>
>
> I've had some moderate success setting up this Samba network.  But, 
> it's failing at adding a Windows XP Pro machine to the trusted machine 
> list, or it's disallowing it to log in.  This explanation is as 
> complete as I can make it, so it will be long.
>
> My config is at the bottom of the message
>
> Using:
>
> FreeBSD 7 Stable
> Samba 3.0.31_1,1
>
> Windows XP Professional, SP3
> Logging in as Administrator local
> Trying to add to domain by adding it through System => Computer Name, 
> etc.
>
> Presently, I'm using (in smb.conf):
>
> security = user
>
> The goals are to set up a PDC Samba machine, acting as the PDC, with
> local accounts for Samba, allowing a hand full of Windows XP
> Professional machines to log in via the domain and a domain user.
>
> I'm not using LDAP, am running Samba 3 (which is apparently
> syntactically different than 2.X in configs).
>
> 1) Added trusted machine according to documents.
>
> 2) Added user accounts, which log in fine remotely via the windows 
> network
> browser to view, upload, change files -- I can even map a device.  But, I
> can't log in as a member of the domain from the Windows XP Pro machine.
>
> 3) Trying to add the trusted machine to the domain.  That doesn't work
> from the Windows box.  It first tells me that the machine is not in the
> list of machines on the domain, and then says the user cannot be found
> when I key in the user/pass/domain details in the login box.
>
> I've added the machine account to the pw file in BSD.
>
> vipw reveals:
>
> winbox$:*:101:100::0:0:Windows winbox:/dev/null:/sbin/nologin
>
> I've added the group machines to the groups file.
>
> /etc/groups reveals:
>
> machines:*:100:
>
> I've added the machine via command line to the Samba user db.
>
> root# smbpasswd -a -m winbox
>
> So, I figured I can just log into the Windows machine as local 
> Administrator, go to Control Panel, System, Computer Name, Network ID 
> and walk through the wizard to add the computer to the domain.
>
> I get this error:
>
> Windows can not find an account for your computer on the MYDOMAIN domain.
>
>
> My config:
>
> [global]
> workgroup = WORKGROUP
> server string = Samba Server
> netbios name = SMBSERVER
> security = user
> hosts allow = 192.168.1. 192.168.2. 127. 10.10.10.
> log file = /var/log/samba/log.%m
> max log size = 50
> passdb backend = tdbsam
> local master = yes
> os level = 65
> domain master = yes
> preferred master = yes
> domain logons = yes
> wins support = yes
> hide unreadable = yes
> hide dot files = yes
> nt acl support = yes
> inherit acls = yes
> ;    map acl inherit = yes
> [homes]
>    comment = Home Directories
>    browseable = no
>    writable = yes
> [data]
> comment = Data Drive
> path = /home/sambashare
> ; force user = [some-username]
> force group = sambadata
> read only = No
> guest ok = No
>
>