Are these XP Home or XP professional?
XP Home edition is crippled and can not join a domain.
I haven't seen something like "host$:x:500:500:XP Host:/dev/null:/bin/false" before.
You might want to look at the Samba 3 by Example book. It is supplied either by your samba package or a samba-doc package, depending on your distro. Chapters 2 & 3 will take you step by step on setting up a samba PDC. The Samba 3 HOWTO & Reference Guide also has a section on a Stand Alone PDC server.
Here is a sample script that is in Chapter 2 of Samba 3 by Example. While you wouldn't use this exact script, is shows mapping Windows domain groups to Linux groups.
# Create UNIX groups
# Map Windows Domain Groups to UNIX groups
net groupmap add ntgroup="Domain Admins" unixgroup=root type=d
net groupmap add ntgroup="Domain Users" unixgroup=users type=d
net groupmap add ntgroup="Domain Guests" unixgroup=nobody type=d
# Add Functional Domain Groups
net groupmap add ntgroup="Accounts Dept" unixgroup=acctsdep type=d
net groupmap add ntgroup="Financial Services" unixgroup=finsrvcs type=d
Here is the [Global] section this example uses:
workgroup = BILLMORE
passwd chat = *New*Password* \
%n\n *Re-enter*new*password* %n\n *Password*changed*
username map = /etc/samba/smbusers
syslog = 0
name resolve order = wins bcast hosts
printcap name = CUPS
show add printer wizard = No
add user script = /usr/sbin/useradd -m ’%u’
delete user script = /usr/sbin/userdel -r ’%u’
add group script = /usr/sbin/groupadd ’%g’
delete group script = /usr/sbin/groupdel ’%g’
add user to group script = /usr/sbin/usermod -G ’%g’ ’%u’
add machine script = /usr/sbin/useradd
-s /bin/false -d /var/lib/nobody ’%u’
logon script = scripts\logon.bat
logon path =
logon drive = X:
domain logons = Yes
preferred master = Yes
wins support = Yes
There are more things to consider such as the ownership & permissions of the directories being shared, the /etc/nsswitch.conf setup, etc.
This is from their Q&A for the Chapter 2 example:
10. Q: How can I manage user accounts from my Windows XP Professional
A: Samba-3 implements a Windows NT4-style security domain architecture.
This type of Domain cannot be managed using tools present on a Windows
XP Professional installation. You may download from the Microsoft Web
site the SRVTOOLS.EXE package. Extract it into the directory from which
you wish to use it. This package extracts the tools: User Manager for
Domains, Server Manager, and Event Viewer. You may use the User
Manager for Domains to manage your Samba-3 Domain user and group
accounts. Of course, you do need to be logged on as the Administrator for
the Samba-3 Domain. It may help to log on as the root account.
Also look at the Using Samba book supplied by the samba package.