
Thread: Networks:Configuration:Samba

  1. #1
    Join Date
    Apr 2002
    Augusta Georgia USA

    a SAMBA PDC with Windows 2000 clients

    I finally got it working!

    Here is my situation:

    All of the PC's on our (former) Workgroup are running Windows 2000 SP2 and I built a server running Mandrake Linux 8.1.

    My task:

    Make the Linux box a PDC for the Windows 2000 PC's to log into. Eventually set up email and a web server on the Linux box as well.

    How I did it:

    First let me say that I went through several HOW-TO's and several newsgroups much like this one and they helped a lot... but they all left out the one important final (at least in my case) step that would enable me to log into the PDC from Windows.

    I installed Linux from the Mandrake CD's that I purchased on-line. I purchased the "server suite" from Mandrake and found out (on my own... no one ever mentioned it, not Mandrake's support, not the documentation, etc...) that I needed to install Mandrake using the 9th CD in the package entitled "Mandrake Server CD".

    If you are trying this yourself and you went through the trouble of buying Mandrake, I highly recommend you install it that way.

    I installed all of the options that were available and pertinent to what I wanted to accomplish EXCEPT for SAMBA.

    I then downloaded the latest SAMBA (v.2.2.4) and installed it. I did it this way because when I attempted to upgrade my previous installation... it just wouldn't work. Period.

    So now SAMBA was running on my Linux box... now for the fun stuff.

    I edited my /etc/samba/smb.conf file to look like this:

    #Basic server settings
    workgroup = mydomainname
    netbios name = myservername
    server string = Primary Domain Server running SAMBA %v

    #PDC and master browser settings
    os level = 64
    preferred master = yes
    local master = yes
    domain master = yes
    domain logons = yes
    dns proxy = no

    #Security and logging settings
    security = user
    encrypt passwords = yes
    log file = /var/log/samba/log.%m
    log level = 2
    max log size = 50
    hosts allow =
    smb passwd file = /etc/samba/smbpasswd
    unix password sync = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

    add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u

    # Domain groups:
    domain admin group = root @adm

    #============================ Share Definitions ==============================
    comment = Project Folders
    path = /data-1/projects
    browseable = yes
    guest ok = no
    writable = yes
    create mask = 0777

    comment = Temporary Swap Space
    path = /data-1/temp
    browseable = yes
    guest ok = no
    writable = yes
    create mask = 0777

    comment = Accounting Information
    path = /data-1/acct
    valid users = @Supervisor @adm
    writable = yes
    public = no

    comment = Main Directory
    path = /data-1
    valid users = @adm
    writable = yes
    public = no

    comment = Applications
    path = /data-1/apps
    public = yes
    writable = no
    write list = @adm

    comment = Archived Projects
    path = /data-1/archive
    public = yes
    writable = no
    write list = @adm

    comment = Electronic Library
    path = /data-1/lib
    public = yes
    writable = no
    write list = @adm

    comment = Home Directory for %u
    path = /home/%u
    browseable = no
    writeable = yes

    comment = Network Logon Service
    path = /etc/samba/netlogon
    guest ok = yes
    writable = no

    (small side note: if you're trying to do this yourself, you can easily copy my smb.conf file and make whatever changes you need. I have a hard drive mounted on my system as "data-1" and that's where most of my shares are. If all you do is copy this smb.conf file and put it in place you will have a PDC called "myservername" on the "mydomainname" domain... try to be a little more creative than that)

    I could explain what all of that stuff means but I would, instead, recommend that you check out Building and Configuring a SAMBA PDC brought to you by the lovely folks at IBM... the best tutorial out there as it explains almost every entry needed.

    I restarted the SAMBA server and voila! I had a SAMBA PDC!

    Now I just had to get those Windows 2000 machines to log in... and this is where I hit a roadblock.

    I followed the instructions in the Samba HOW-TO Collection for integrating Windows networks with SAMBA.

    I added my username as well as the usernames of the rest of the employees by doing the following in Super User mode:

    # useradd -s /bin/bash -d /home/"userid" -m "userid"
    # passwd "userid"
    Enter Password: <pw>

    # smbpasswd -a "userid"
    Enter Password: <pw>

    Now, according to all of the documentation I could find I should be good to go.

    I have my /etc/samba/smb.conf set up to automatically create the machine accounts when a computer joins the domain for the first time so I should be able to hop over to my W2K machine and log in, right?


    I could see the shares in Network Neighborhood and I could even map them as drives but I couldn't actually "join" the domain. Every time I tried I would get an error message that either said:

    "Cannot join domain, the credentials supplied conflict with an existing set"


    "Invalid username or password"

    The reason for the first error?

    Remember how I said that I could see the available shares and even map to them? That's the error message you're going to get as a result of doing just that... having a connection to the domain in any way while trying to create your machine trust account.

    When you first log into your SAMBA PDC you will create a "machine trust account" for the machine that you are logging in from. This is different from the "machine account" that you either set up manually or, if you're using a configuration like mine, made "on-the-fly". Simply put, SAMBA requires it.

    The reason for the second error?

    It took me a while to figure it out but this is what I learned:

    In order to create a "machine trust account" with SAMBA you have to join the domain (first time only) with a root-level login/password. I learned that from one of the users here on this forum.

    I tried using my "root" account on my Linux box to join the domain but still got the same error message... so what gives?

    Actually... when you first join the domain you do have to use a root-level login/password... a SAMBA root-level login/password!

    So I went back into Super User mode and did the following:

    # smbpasswd -a root
    Enter Password: <pw>

    I used the same password as my "root" user in Linux and you know what happened next?

    I was able to successfully join all of my Windows 2000 machines to my new SAMBA PDC!

    Things I learned along the way:

    If you want to disable the roaming profiles leave out the [Homes] section of your /etc/samba/smb.conf or, in Windows 2000, right-click the "My Computer" icon, select "Properties" and select the "User Profiles" tab. Select the user's name and click on the "Change type" button. Choose "Local Profile".

    Whatever you do, don't give your Domain the same name as your Workgroup... it won't work. Period. If you absolutely have to use the same name, change the workgroup name on the machine you are trying to join with first... reboot... then join the domain.

    Diet Pepsi goes flat in about 10 minutes... so drink it fast.

    If you are going to use roaming profiles, a good policy to implement is to have your users keep a minimal amount of information in their "My Documents" folder and don't put folders full of information on the desktop. Also keep the "Temporary Internet" folders clean. User profiles will send all of the junk you have piled up in your "C:\Documents and Settings\userid" folder to the server when you log out and if you log in from a different machine it will send all of that junk to the new machine. If you have a bunch of crap in those folders it could take quite a while. I had one user who had nearly 300MB of crap in his "My Documents" folder alone... took nearly 15 minutes to log out (oh wait... that was me)

    [ 17 June 2002: Message edited by: Nivuahc ]
    Registered Linux User #324436
    Registered Linux Box #209059

    One by one, the Penguins are taking my sanity...

  2. #2
    Join Date
    Apr 2002
    Augusta Georgia USA
    Something else that I learned:

    With the shares that I have outlined above, I had a small problem.

    Most of the users on my system use AutoCAD (we're a small engineering firm) and AutoCAD didn't want to act quite right with my Projects share.

    When a user tries to save a drawing using AutoCAD it, evidently, tries to change the ownership of the file to the user making the changes.

    I tried everything I could think of and eventually settled on adding this line to my Projects share:

    admin users = @Design, @adm

    This allowed all of the users in the Design group as well as the adm group the privileges to do what they needed and seemed to fix the problem.

    [ 18 June 2002: Message edited by: Nivuahc ]
    Registered Linux User #324436
    Registered Linux Box #209059

    One by one, the Penguins are taking my sanity...
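
Added example, not part of either post above: a small review script that parses smb.conf text and lists the share settings from this thread that widen access (`admin users`, whose members Samba lets perform all file operations on the share as root; a `create mask` that leaves the other-write bit unmasked; and `guest ok`/`public`). The share names `[projects]` and `[apps]` and the function names are assumptions, since the posted file shows no section headers.

```python
import re

# Constructed sample: settings taken from the thread, under assumed share
# names ([projects], [apps]); the posted file shows no section headers.
SAMPLE = """\
[global]
   security = user
[projects]
   guest ok = no
   create mask = 0777
   admin users = @Design, @adm
[apps]
   public = yes
   writable = no
"""

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}}, lower-cased keys."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            # Collapse runs of spaces so "Create   Mask" matches "create mask".
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def audit_shares(conf):
    """Return (share, parameter) pairs for settings that deserve a review."""
    findings = []
    for share, params in conf.items():
        if share == "global":
            continue
        # 'admin users' members perform all file operations on the share as root.
        if params.get("admin users"):
            findings.append((share, "admin users"))
        # A create mask with the other-write bit set does not strip world-write.
        if int(params.get("create mask", "0744"), 8) & 0o002:
            findings.append((share, "create mask"))
        # 'public' is a synonym for 'guest ok': no password needed to connect.
        for key in ("guest ok", "public"):
            if params.get(key, "no").lower() in ("yes", "true", "1"):
                findings.append((share, key))
    return findings
```

Call `audit_shares(parse_smb_conf(open("/etc/samba/smb.conf").read()))` to run it against a live file.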

  3. #3
    Join Date
    Jul 2002
    New Jersey
    I just reinstalled my NT4 PDC today as a Linux Samba Server too.

    I found a couple of articles by Carla Schroder at and,00.html that walked me through step by step.

    One difficulty that took me a little while to figure out though turned out to be a permissions problem in her instructions.

    In her instructions for creating the directories she set up in the smb.conf file, she said to type:
    chown 1757 /home/samba/profiles

    This should have been:
    chmod 1757 /home/samba/profiles

    Once I made that change, I was able to log in and it used remote profiles and everything.

    Then I had to log in on my Win2K system on the local Administrator and copy my old files and directories from the old Documents and Settings folders to the new ones that logging in under a new domain creates. This took care of most of the configuration stuff. Make sure you turn on the "Show hidden files" option under the Folder Options before copying them to the clipboard to be sure you get everything though. There are a whole bunch of hidden folders in there that really make a big difference.

    Now to figure out how to get the system to print to my Canon BJC-6000.

    Anyway, I thought I'd post my experiences as well in case it helps someone.

  4. #4
    Join Date
    Apr 2001
    Nashville, TN
    < searching keywords >
    Windows to Linux networking
    Primary Domain controller
    Registered Linux user #230403! Since March 2001! YAY.

    Try doing a forum search or a google search before asking a question. And please don't use HELP! in the topic of your post... it's so lame... Please don't PM me for help-- post a question in the forum instead.
