Using Samba 2.2.7 on Mandrake 9.0 as a PDC.

Problem: Samba doesn't create machine accounts automatically, more importantly it doesn't create the Linux account in passwd. Two sets of entries turn up in the logs, one in auth.log and the other in messages. I've tried using root (created in smbpasswd) and an account that is part of the domain admin group.

The error that pops up when I try and join the Domain from a Win2K PC is "The account used is a computer account. Use your global user or local user account to access this server.". For practical and security reasons the PDC needs to be able to create machine accounts on the fly.

The problem appears to revolve around the adduser / useradd (tried both), but I've hit a wall and google has been exhausted. Any advice in the regard will be most appreciated

messages
Mar 2 22:39:04 rhino smbd[29522]: [2003/03/02 22:39:04, 0] rpc_server/srv_samr_nt.c:_api_samr_create_user(1929)
Mar 2 22:39:04 rhino smbd[29522]: User drew$ does not exist in system password file (usually /etc/passwd). Cannot add account without a valid local system user.
Mar 2 22:39:04 rhino smbd[29522]:
Mar 2 22:39:05 rhino smbd[29522]: [2003/03/02 22:39:05, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176)
Mar 2 22:39:05 rhino smbd[29522]: get_md4pw: Workstation drew$: no account in domain

auth.log
Mar 3 20:10:03 rhino adduser[7499]: failed adding user `', data deleted

Here's the global and [netlogon] section of my smb.conf:
NOTE: the group machines exists

[global]
workgroup = IT
netbios name = RHINO
netbios aliases = SOFTWARE
server string = IT Software Server
encrypt passwords = Yes
min passwd length = 0
map to guest = Bad User
null passwords = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
unix password sync = Yes
syslog only = Yes
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = No
printcap name = lpstat
show add printer wizard = No
domain admin group = ccarg, @adm
add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %U
delete user script = /usr/sbin/deluser %U
domain logons = Yes
os level = 33
lm announce = Yes
preferred master = Yes
domain master = Yes
dns proxy = No
wins server = 146.231.128.6
guest account = guest
read list = guest
guest ok = Yes
printing = cups
default case = upper
short preserve case = No

[netlogon]
path = /etc/samba/netlogon
write list = ntadmin
guest ok = No

Why don't you add the accounts manually?

Hi micxz

Two reasons.
- This PDC is going to be looking after many PC's (maintaining a list of member PC's is not feasible).
- The network is public (university). Having any old PC joining with the same netbios name would be to insecure to be on option

The "add user script" seems to run, but the name of the PC converyed in U% doesn't seem to come through. I set up a test Mandrake PC from scratch and came up with the same error - I'm surprised no-one else has tripped over this one.

Andrew

Have the same useradd in my script and it works. Only different is a small %u instead of capital. d'ont know if that makes any different...

Hi digimike

Thanks for the response. I have tried the little %u. I have also used variations with %u$ have also tried different groups (both name and group number). My system is also runinng on standard security setting (I will be trying others).

Andrew

Hi Andrew,
I am using Mandrake 9 and also at standard security at the moment. The script i am using is:

add user script = /usr/sbin/useradd −d /dev/null −g 100 −s /bin/false −M %u

Installed 8 XP machines today, no worries. Using an admin user which has been added to smbpasswd to log on to XP and root (also in smbpasswd) when asked to join domain.

Digimike

Problem resolved.

I managed to get the PDC working on RH8 using the command from digimike (ta). I've reinstalled the server and it seems happy - still going around fixing other services. (I'm really missing the mandrake Conrtol Centre and some of the other nice bobs that Mandrake comes with...).

Thanks for the suggestions.

Andrew

Thanks. Did a search for this and it resolved my problem also