
samba as a primary domain controller (PDC)

wuboy

Member
I'm having a bit of trouble configuring samba as a PDC. Basically, what I want is for the linux box to act as a file server and also the PDC of a domain.

Strangely, it works on some computers (namely, other servers that are running win2k and also act as PDC), but not on normal workstations. What I want is for the workstation to be able to join the domain... but I haven't achieved this yet.

I have the [netlogon] part in my smb.conf file, and my globals are as follows:

[global]
netbios name = MADMAN
workgroup = FREAK

os level = 65
preferred master = yes
domain master = yes
local master = yes

security = user

encrypt passwords = yes

domain logons = yes

logon drive = S:

server string = FREAK Samba Server
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
hosts allow = 192.168.1.0/255.255.255.0

wins support = yes
name resolve order = wins lmhosts bcast
time server = yes

I believe this should work, but I am just having trouble getting a workstation (that is domain-less currently) to join the FREAK domain.

Alternatively, if someone can tell me how to add the box to a workgroup, it would be a kluge for now......

thanks. 🙂
 
Strangely, it works on some computers (namely, other servers that are running win2k and also act as PDC),

Like n0c said, you can only have 1 PDC per domain.
 


<< Strangely, it works on some computers (namely, other servers that are running win2k and also act as PDC),

Like n0c said, you can only have 1 PDC per domain.
>>



Wow, I knew windows stuff... I guess I could be an MCSE 😀
 
nono, it is the PDC...

when i mentioned other servers, i meant the PDC of other domains... sorry for the mixup!
 


<<

<< Strangely, it works on some computers (namely, other servers that are running win2k and also act as PDC),

Like n0c said, you can only have 1 PDC per domain.
>>



Wow, I knew windows stuff... I guess I could be an MCSE 😀
>>



Nah cause then we'd have less respect for you. 😉
 


<< haha i feel honored the debian and freeBSD guru have replied to my thread 😉 >>



OpenBSD 😛



<< Nah cause then we'd have less respect for you. 😉 >>



I was trying to get an MCSE a few years ago. 😛
 


<<

<< haha i feel honored the debian and freeBSD guru have replied to my thread 😉 >>



OpenBSD 😛



<< Nah cause then we'd have less respect for you. 😉 >>



I was trying to get an MCSE a few years ago. 😛
>>



Foolishness best attributed to youth. 😉

There's nothing wrong w/ an MCSE; it just doesn't prove anything to me. Although I hear they are making it more challenging with updating for WXP.
 
basic sanity check question: have u added users to the smbpasswd file? (smbpasswd -a user)

what version of samba are u using?

as referenced in Samba Unleashed (ISBN 0-672-31862-8), create a unix user account for the machine:
useradd -c 'Samba ODC for MYDOMAIN' -M -s /bin/false -n MACHINE$
(note the $ is used to denote a machine account, not a user account, for NT)
add the unix user account to smbpasswd:
smbpasswd -a -m MACHINE
(no $ used here)
join the domain:
smbpasswd -j MYDOMAIN
and lastly add the clients to your unix password file (then they can add themselves to the smbpasswd file):
useradd -c 'Windows 2000 Workstation' -M -s /bin/false -n W2KMACHINE$

then u should be good to go. i haven't implemented this yet, haven't really found a need to run a PDC in my home network. but that's what my book said about starting samba as a pdc, and i know managing users between the unix passwd file and the smbpasswd gets kinda weird.

let me know if that info is accurate.
 

alright! good news and bad news... so since i didn't get many responses, i had to fight my way through this.

i had to change the subnet mask of the workstations and the samba server... apparently there WAS some other computer that was in the domain that was winning the browsing elections or whatever. even though i set the os level to 65 and everything to yes, it didn't work.

so i changed the subnet mask from 255.255.255.0 to 255.255.254.0, and now it works!

on the win2k workstations, i can go to my computer, join domain, and it will prompt me for a username and password to add the workstation to that domain. GOOD!

but then... the bad news. the error that i get says "this account is not able to add to the domain from this station" or something similar to that.

thanks to fivepesos, i know that i will probably need to add the machine names to my smbpasswd file... however, i read somewhere about disabling encrypted passwords... but is this native in windows 2000?

i am lazy because i don't want to add around 40 computer names into the smbpasswd file... sorry... so other solutions would be appreciated!

thanks! 🙂

ps to nocmonkey - sorry sorry... i knew it was a flavor of BSD tho!
 
thanks to fivepesos, i know that i will probably need to add the machine names to my smbpasswd file... however, i read somewhere about disabling encrypted passwords... but is this native in windows 2000?

i am lazy because i don't want to add around 40 computer names into the smbpasswd file... sorry... so other solutions would be appreciated!


Every machine needs an account in the domain to join it, no way around it that I know of.

I've done this before at home for testing, had roaming profiles working too, I think I still have the docs if you still need help.
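
Since every workstation needs its own machine account, the roughly 40 entries mentioned above can be generated rather than typed. The following is an added example, not part of any post in this thread: a dry-run sh script that validates a list of workstation names and prints, for each one, the useradd and smbpasswd commands quoted earlier in the thread. The function names, the 'Machine trust account' comment string and the sample names are assumptions; the useradd flags are reproduced as posted and may differ on your distribution.

```shell
#!/bin/sh
# Added example: dry-run generator for Samba machine trust accounts.
# It only prints commands; review the output, then run it as root on the PDC.
LC_ALL=C; export LC_ALL

# Normalise one name: drop a trailing '$', upper-case it, and accept only
# 1-15 characters of A-Z, 0-9 or '-' (NetBIOS names are at most 15 characters).
normalize_machine() {
    name=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    name=${name%\$}
    case $name in
        ''|*[!A-Z0-9-]*) return 1 ;;
    esac
    [ "${#name}" -le 15 ] || return 1
    printf '%s\n' "$name"
}

# Print the two commands from the thread for one workstation name.
# The -c comment text is an assumption; single quotes keep '$' literal.
machine_account_cmds() {
    m=$(normalize_machine "$1") || return 1
    printf "useradd -c 'Machine trust account' -M -s /bin/false -n '%s\$'\n" "$m"
    printf "smbpasswd -a -m '%s'\n" "$m"
}

# Read names on stdin (one per line, '#' starts a comment), skip duplicates,
# report rejected names on stderr; returns non-zero if any name was rejected.
generate_all() {
    seen=' '; rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$line" ] || continue
        if ! m=$(normalize_machine "$line"); then
            echo "rejected: $line" >&2; rc=1; continue
        fi
        case $seen in *" $m "*) continue ;; esac
        seen="$seen$m "
        machine_account_cmds "$m"
    done
    return "$rc"
}

# Constructed sample list; replace with the real workstation names.
if [ "${1:-}" = "--demo" ]; then
    printf 'teknyk\nW2KMACHINE$\nteknyk\nbad name!\n' | generate_all
fi
```

Feed it a file of names with `generate_all < machines.txt` after sourcing the script (machines.txt is a hypothetical file name), and pipe the reviewed output to a root shell.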
 


<<
Every machine needs an account in the domain to join it, no way around it that I know of.

I've done this before at home for testing, had roaming profiles working too, I think I still have the docs if you still need help.
>>



oh man, i will cry if that is the case...

at any rate, i figured out how to disable sending encrypted passwords in windows 2000, so that's done!

however! now i get this really funky problem... when i try to join the domain, i try to login with root/password... then it says "The account used is a computer account. Use your global user account or local user account to access this server." (word-for-word)

sigh. i hope i don't have to create entries for every machine... there must be an easier way........... 🙁
 
all this pdc talk made me want to set up a pdc, but to tell you the truth, i feel like i'm running into every error imaginable. i keep getting no domain controller found. it's probably some trivial error (makes me wish i read through the MCSE books i got from work).

ok i've followed all the basic steps, checked all the common errors and i'm dumbfounded.

created basic smb.conf (nearly identical to wuboy's, exactly identical to the smb pdc howto)
manually created a machine trust
useradd -c 'teknyk winxp desktop' -M -s /bin/false -n TEKNYK$
smbpasswd -a -m TEKNYK

i go to configure the windows xp machine to connect to the new domain and it doesn't find it. hmm, any suggestions, places to start, anything? i'm totally lost
 

thanks guys.
i got things to work and adding the domain works fine now as well.

my next question has to do with profiles... since i just started, can anyone just give a brief overview on how it works?

so the profile is stored on the server, or on the local computer that was just added to the domain?

thanks!
 
If you set the user to have a roaming profile it's downloaded from the server, the user works like normal with the local profile, then when they logout it's uploaded to the server again.
 

how do i set a roaming profile?

additionally, on some machines, i see something like username.DOMAIN in the "documents and settings" folder.
what do i need to do to do that?
 