Samba domain control


TongueTied
07-25-2002, 07:35 AM
I'm really green so please be patient.

I am trying to set up a Linux box as my domain controller with a number (5) NT or win2K machines connected to it. I have Samba set up and running (at least I think it is). I have set up printers and file sharing etc. and I can print etc. so I think these are working. However, I have a problem with domain control. In the events viewer of the NT and win2K machines I SOMETIMES get a notification that there was no domain controller for domain. Is this a problem with Samba? Does it sometimes work and sometimes not?

in smb.conf, I have the following:

[global]
workgroup = MYDOMAIN
netbios name = SERVER
interfaces = eth0 192.168.1.1/255.255.255.0
security = DOMAIN
encrypt passwords = Yes
min passwd length = 4
map to guest = Bad User
large readwrite = Yes
name resolve order = lmhosts host bcast
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
character set = ISO8859-15
domain logons = Yes
os level = 2

Any thoughts? Have I done something stupid here?
Philip

cowanrl
07-25-2002, 11:57 AM
There are several problems with your smb.conf file. Instead of me going through it all here, I suggest you take a look at these links first. I think they will help you a lot.

http://linuxnewbie.org/forum/showthread.php?s=&threadid=40945

http://www.linuxjunior.org/yabbse/index.php?board=4;action=display;threadid=1043;start=0
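
An added example, not from any poster in this thread: a shell check of an smb.conf [global] section against the settings Samba's PDC documentation calls for (user-level security, domain logons, domain master, encrypted passwords, a high os level), run on a constructed excerpt of the configuration posted above. The function names and the os level threshold are this example's own choices.

```shell
#!/bin/sh
# Added example: check an smb.conf against the settings a Samba 2.2 PDC needs.

# get_global FILE KEY: print KEY's value from [global], lower-cased (empty if unset).
# Samba ignores case and whitespace in parameter names, so both are normalised.
get_global() {
    awk -v want="$2" '
        BEGIN { gsub(/[ \t]/, "", want); want = tolower(want) }
        /^[ \t]*\[/ { in_global = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        in_global && $0 !~ /^[ \t]*[#;]/ && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            val = tolower(substr($0, index($0, "=") + 1))
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { print found }' "$1"
}

# check_pdc_conf FILE: print one finding per line; no output means no findings.
check_pdc_conf() {
    [ "$(get_global "$1" security)" = user ] ||
        echo "security: a PDC needs 'user'; 'domain' makes Samba a member of another controller's domain"
    for key in "domain logons" "domain master" "encrypt passwords"; do
        case $(get_global "$1" "$key") in
            yes|true|1) ;;
            *) echo "$key: set it to 'yes' explicitly on the PDC" ;;
        esac
    done
    level=$(get_global "$1" "os level")
    # Threshold is this example's choice: above 32, the level an NT domain controller uses.
    [ "${level:-0}" -gt 32 ] 2>/dev/null ||
        echo "os level: '${level:-unset}' will not win browser elections against NT servers"
}

# Constructed input: the relevant lines of the [global] section posted at the top of the thread.
asker_conf=$(mktemp)
trap 'rm -f "$asker_conf"' EXIT
cat > "$asker_conf" <<'EOF'
[global]
workgroup = MYDOMAIN
security = DOMAIN
encrypt passwords = Yes
domain logons = Yes
os level = 2
EOF
check_pdc_conf "$asker_conf"
```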

TongueTied
07-25-2002, 11:57 PM
cowanrl,
Could you give me a hint where to start? I have looked at the link and am still no further on. The first thing I noticed is that the smb.conf file has all sorts of lines I don't have and my guess is that it is because the example is samba 2.2.2 and I am using 2.2.1a as came with my SuSE 7.3 distribution.

Please help.

cowanrl
07-26-2002, 04:59 AM
If I get a chance later on today, I'll try to give you more explicit help on the problems with your smb.conf file.
However, if you want Win2k machines to join your domain, I suggest you upgrade to the latest version of Samba. You can get it at www.samba.org. I believe the latest version is 2.2.5-1. A lot of problems have been fixed/features added since 2.2.1a.

More to follow later.

TongueTied
07-26-2002, 05:15 AM
cowanrl,

Thanks! I will start by downloading 2.2.5.

Philip

cowanrl
07-26-2002, 06:43 AM
When you get 2.2.5, I also suggest you install SWAT. That's the GUI, web-based configuration tool for Samba. It has some excellent configuration help information for Samba, especially for setting up Samba as a PDC. Check it out.

Stylesmdj
07-26-2002, 01:43 PM
Thanks cowanrl for providing those links above. I have samba working at home doing just simple file sharing. I have been wanting to set it up further to act as a PDC and think this has given me a tremendous amount of information. Almost so much that it might be overwhelming. Anyway, I'm going to use the information this weekend and if I can't get it running properly. I'm also going to look at SWAT.

jymbo
07-26-2002, 04:25 PM
It seems I've been through this more than a dozen times, looking for that "fool-proof" install method. This is what works for me.

Background: small LAN of XP machines with Mandrake 8.2 + Samba providing PDC services (roaming profiles, file server, etc...)

Step 1: Install Samba...you've already done that.

Step 2: Run SWAT and build your smb.conf file. I've tried this both ways: hand-editing my smb.conf and creating one with SWAT, and after much frustration and swearing, I found that for some odd reason, it only works if you build your config file in SWAT. Here are the important excerpts from a sample config file:

[global]
workgroup = whatever
domain logons = yes
security = user
local master = yes
os level = 65
preferred master = yes
domain master = yes
encrypt passwords = yes
logon path = \\%N\profiles\%u
logon drive = H:
logon home = \\homeserver\%u
logon script = logon.cmd

# shares:

[netlogon]
path = /home/netlogon
read only = yes
write list = root

[profiles]
path = /home/ntprofiles
read only = no
create mask = 0600
directory mask = 0700
nt acl support = no

Step 3: create your shares:

#cd /home
#mkdir netlogon
#mkdir ntprofiles
#chmod 777 netlogon
#chmod 777 ntprofiles

(I know this is bad security, but it's just to get things rolling...you can lock down your permissions later on)

Step 4: create users: first, let's make the Linux user account:

#useradd xpuser
#passwd xpuser
note: username and password MUST match what is on your client XP machine

now let's add him to the samba password file:
#smbpasswd -a xpuser

also, add root, but this time, give him a different password than on your Linux box:
#smbpasswd -a root

Step 5: create a machine account for your client:

#adduser -g machines -c machine_nick -d /dev/null -s /bin/false -n machine_name$

(for example, if my XP machine name is xpbox, then enter xpbox$) Don't forget the $ sign!

now add the machine account to samba password file:
#smbpasswd -a -m xpbox
(no $ sign this time)

Step 6: all done on the Linux side. Go ahead and restart samba:
#samba restart
it should say "ok"

Step 7: on your XP machine, right click on My Computer. >Properties >Computer Name >Change > Domain and enter the domain name you specified in your smb.conf file under "workgroup".
XP will prompt you for a username/passwd. For username, enter root and for the password, enter the password you created for root in Step 4.

At this point, if all goes well, you will be greeted by a "Welcome to <name> domain".

Reboot XP.

Step 8: go into the registry and drill down to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\"RequireSignOrSeal" and change the dword value from "1" to "0".

Reboot XP.

Step 9: create your XP user account/password under the domain you created. Remember that this must match the username/password on your Samba PDC.

Step 10: Login to your Samba PDC.
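
Step 3 above leaves both share directories at mode 777 and defers the lock-down. As an added example (not jymbo's commands), this script reports world-writable share directories and applies tighter modes; the demo tree, the function names and the choice of 1777 for the profiles root are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit and tighten the directories behind [netlogon] and [profiles].

# audit_share_dir DIR: print a finding when DIR is world-writable and has no sticky bit.
# 'find DIR -prune' tests DIR itself without descending into it.
audit_share_dir() {
    find "$1" -prune -type d -perm -0002 ! -perm -1000 |
        sed 's/$/: world-writable, no sticky bit/'
}

# lock_down NETLOGON_DIR PROFILES_DIR (run as root on a real server)
lock_down() {
    # netlogon holds the logon script every client runs; only its owner may write,
    # which matches "write list = root" in the share definition.
    chmod 0755 "$1"
    # profiles: users must be able to create their own profile directory at first
    # logon, so keep it writable but add the sticky bit so they cannot remove or
    # rename each other's directories (assumption: profiles are created on demand).
    chmod 1777 "$2"
    # Existing per-user profile directories: owner only, as "directory mask = 0700" intends.
    for d in "$2"/*/; do
        if [ -d "$d" ]; then chmod 0700 "$d"; fi
    done
}

# Constructed demo tree standing in for /home/netlogon and /home/ntprofiles.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/netlogon" "$demo/ntprofiles/xpuser"
chmod 777 "$demo/netlogon" "$demo/ntprofiles" "$demo/ntprofiles/xpuser"

echo "before:"; audit_share_dir "$demo/netlogon"; audit_share_dir "$demo/ntprofiles"
lock_down "$demo/netlogon" "$demo/ntprofiles"
echo "after:";  audit_share_dir "$demo/netlogon"; audit_share_dir "$demo/ntprofiles"
```

On a real server the directories should also be owned by root (netlogon) and by each user (their own profile directory); the script leaves ownership alone so it can be tried without root.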

TongueTied
07-27-2002, 07:24 AM
Yippee!
Thanks everyone! It's now working or at least it seems to be. Next problem NAT/Masquerade, but that will be another post....

Samba 2.2.5, cowanrl, I couldn't get it to install. I downloaded the rpms from suse as advised on the Samba site but they weren't complete. Once I tried to install, then swat wouldn't work at all and samba wouldn't start. So, I had to reinstall the whole system. So, if anyone knows where I can get the complete binary distribution of Samba 2.2.5 and if it is worth it, then let me know.

Jymbo,
Your instructions were great. Thanks! I was able to follow them and get everything working (once I reinstalled the entire system). A further question if you don't mind. When adding a machine account, you wrote "adduser -g machines -c machine_nick -d /dev/null -s /bin/false -n machine_name$" What is the last -n parameter for? In the version of smbpasswd I have, that parameter isn't available. What should it do?

Everyone,
Thanks again!

Philip

cowanrl
07-27-2002, 08:24 AM
Originally posted by TongueTied
A further question if you don't mind. When adding a machine account, you wrote "adduser -g machines -c machine_nick -d /dev/null -s /bin/false -n machine_name$" What is the last -n parameter for? In the version of smbpasswd I have, that parameter isn't available. What should it do?


First, that's not smbpasswd that you are executing, it's the Linux adduser command. Here's an excerpt from the SWAT help file on the adduser command and -n parameter:

"Above, machine_nickname can be any descriptive name for the client, i.e., BasementComputer. machine_name absolutely must be the NetBIOS name of the client to be joined to the domain. The "$" must be appended to the NetBIOS name of the client or Samba will not recognize this as a machine trust account."

It's extremely important that you execute the adduser command as shown. If you don't, your NT and Win2k machines won't be able to join your domain.

If you are successful in using Samba 2.2.1a, then great. I have seen some guys solve their Samba PDC problems by upgrading to the latest version of Samba though.
I've never used SuSE so I can't be of much help there.

jymbo
07-27-2002, 02:50 PM
Yup, cowanrl explained the machine accounts perfectly.

TongueTied:

1. I've been having the same problems getting Samba2.2.5 to install on my Drake 8.2 rig. I've even tried compiling from source, but still no go.

2. Just remember: adduser first, then smbpasswd, whether it be users or machine accounts. The only difference is that the machine accounts need to be created in such a way that Samba recognizes the entry as a machine and not a user (which is why you have to add all that funky stuff after #adduser.)

There is a script for automatically creating machine accounts on-the-fly, but I've only been able to get it to work with minimal success. It's supposed to be formally implemented in the later incarnations of Samba (perhaps Samba TNG).

cowanrl
07-27-2002, 06:09 PM
Jymbo,

I was wondering what the purpose is of your steps 8 and 9 in your instructions.
What does the registry entry control?
Why are you creating more user accounts? The accounts you create on the Linux server using adduser and smbpasswd should be all you need.

Just curious.

jymbo
07-27-2002, 06:54 PM
The reg hack in XP enables XP Professional to join Samba domains. Uncle Bill disabled that by default (I wonder why...) There's also a pre-sp1 hotfix that speeds-up browsing of Samba shares on XP.

Yes, the accounts created on the Linux PDC are sufficient, but then you are robbing yourself of Windows 2000 Adv Server-style Intellimirror: being 1 copy of the user profile kept on the workstation, and another updated on the PDC with each login. Also, a user with an account on the workstation has more control over his environment. It really depends on how much access you want your users to have.

Cowanrl, ya gotta check-out this "Network Neighborhood" for Samba, called xsmbrowser:

http://www.public.iastate.edu/~chadspen/xsmbrowser.html


Comes standard on the Drake 8.2 RPMs CD. A definite must-have!
http://home.earthlink.net/~jamespdunn/xsmbrowser.png

mhlarsen9237
08-02-2002, 10:23 PM
I was using this thread as a help for configuring Samba as a PDC for Windows XP clients and have run into a snag. I can't seem to figure out how to get my XP machines configured for accessing a domain. When following the steps that jymbo gave for configuring the XP machine I can get to the dialog box where I can change my Work Group but there is nothing there about domains, i.e. from the control panel System>Computer Name>Change> there is a place to enter the computer name and the Work Group as well as a more button. The more option leads to another dialog box where I can enter the primary DNS suffix of the computer or change my NetBIOS name, and nothing else. Is the workgroup that I enter actually the domain??? Is there some other setting that I need to change? I have the home edition of XP - is it not supported? I've read the Samba book by O'Reilly's but it's a little outdated because it only discusses doing this for Win 95/98 clients and Win NT 4.0 clients. Also, what would you use for your logon script - logon.cmd?

Thanks,

jymbo
08-03-2002, 12:25 AM
XP Home has no domain support.

Now you have to go run out and buy XP Pro...say bye-bye to your hard-earned cash...

mhlarsen9237
08-03-2002, 01:07 AM
The more I learn about Linux, the more I dislike Microsoft!

pcghost
08-05-2002, 04:41 PM
Is that to say that Windoze Xp home cannot log into a samba server at all??? That will suck as that is what I am trying to set up also..

mhlarsen9237
08-05-2002, 08:18 PM
You can still access shares on a samba server, but (as I understand it) being able to join the domain can make things easier on the user. Here's what M$ has to say about it: http://www.microsoft.com/windowsxp/home/evaluation/overviews/joindommore.asp