Re: Samba Shares & Windows 2000

From: David Wright (david_c_wright_at_hotmail.com)
Date: 01/11/05


Date: Tue, 11 Jan 2005 09:58:50 +0000

Kevin Nathan wrote:

> On Fri, 07 Jan 2005 23:21:42 GMT
> Steven Liburd <steven.liburd@verizon.net> wrote:
>
>> I've read that, for
>> Win2k, I need to set up a machine account on the Linux box in order
>> for the Win2k box to join the domain.
>
> Absolutely *no* experience with anything past Win98, but back then it
> was very important that the username/passwords were the same on both
> Windows and Linux (there was a way around it, but seemed too complicated
> to me at the time). Make sure your Linux box has a samba user the same
> as the Windows box:
>
> smbpasswd -a username
>
> I think this was discussed just a few days ago on this ng . . .
>
>

If you are running Samba as a PDC, it supplies the username and passwords
that are acceptable for the workstations to log on with. The local
workstation accounts can be used to log on locally with, but you will then
be unable to access the domain resources.

When you authenticate your logon with a PDC, the workstation asks the PDC to
authenticate the username and password against its database. If you enter
an incorrect username/password combination or the PC has not been joined to
the domain (i.e. the PC doesn't have an ID registered with the domain
controller) then logon will fail. If everything is correct, then the PC
will receive a "magic cookie" which is then passed to each server you
attempt to connect to. The cookie is then sent to the PDC for
re-authentication by the PDC before the server can start issuing
information to the client.

I managed to get it working when I was using Samba as a PDC (now it is a
member server, I have a genuine Windows 2003 server as the PDC as I need it
for playing with AD for a customer). Samba seems to be very touchy when it
comes to PDC mode.

The OP must have a line similar to:

 add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$

in the smb.conf file in order for him to add the workstation to the domain.
He will then need to log on as a local user. (Once the line has been
inserted, Samba needs to be restarted, although I've found sometimes
changes between Domain and Workgroup need a reboot, restarting the process
doesn't always work?!)

Right click on the "My Computer" icon and select Properties, then go to the
"Computer Name" tab and click on the "Change" button (I think, Ändern here on my
German Windows). Here he needs to click on the Domain radio button and enter
the Domain name.

When he clicks on OK, he will be asked to provide an administrator user ID
and password to authenticate against the domain. This should be
domain\administrator (in Samba this will be either admin or root depending
on how he has set up Samba). NOTE: In v3 onwards the user must be a member
of the ntadmin group under Linux; until v2.2, there was an option in the
smb.conf for a list of nt admin users, this is redundant under v3 and the
Linux users must be added to the above mentioned group.

If the machine is successfully added, Windows will report this and say
welcome to the domain. It is now necessary to reboot the PC. Now when he
logs on, he should specify the domain for logging onto and not the local
machine name. His username and password will be authenticated against the
PDC and he will receive his magic cookie, which will let him access the
shares properly.

A copy of the OP's smb.conf might also throw some light on the situation.

Dave
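
An added example, not part of the original post: a small check of the smb.conf prerequisite the message describes, which also shows why the mail-wrapped `add machine script` line needs either a single line or a backslash continuation. The sample config and the function names are constructed for illustration; the `domain logons` check and the acceptance of `%u` (the form used in the smb.conf man page) go beyond what the post states.

```python
import shlex

# Constructed sample smb.conf for a Samba PDC (not the original poster's file).
SAMPLE = r"""
[global]
   workgroup = EXAMPLE
   domain logons = yes
   add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody \
      -s /bin/false %m$
"""

NOLOGIN_SHELLS = ("/bin/false", "/sbin/nologin", "/usr/sbin/nologin")

def parse_global(text):
    """Return the [global] parameters, joining backslash-continued lines."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):              # smb.conf line continuation
            pending = line[:-1].rstrip() + " "
            continue
        pending = ""
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_machine_join(text):
    """List problems that would stop a workstation joining the domain."""
    g, problems = parse_global(text), []
    if g.get("domain logons", "no").lower() not in ("yes", "true", "1"):
        problems.append("domain logons is not enabled")
    script = g.get("add machine script")
    if not script:
        return problems + ["add machine script is missing"]
    args = shlex.split(script)
    # Machine accounts end in '$'; %u already carries it (assumption: man page form).
    if not args[-1].endswith("$") and args[-1] != "%u":
        problems.append("account name lacks the trailing $")
    shell = args[args.index("-s") + 1] if "-s" in args[:-1] else None
    if shell not in NOLOGIN_SHELLS:
        problems.append("no non-login shell (-s) set for the machine account")
    return problems

if __name__ == "__main__":
    print(check_machine_join(SAMPLE) or "ok")
```

Run against a config where the line was wrapped without a backslash, the second half of the command is silently dropped and both account checks fire.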

