saudoi 10-23-2006 11:00 PM

Join XP to PDC running on Linux
Hi there,

I just finished configuring my Red Hat as a PDC with Samba.
The configuration is here:

    [global]
        log file = /var/log/samba/%m.log
        load printers = yes
        idmap gid = 16777216-33554431
        socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
        username map = /etc/samba/smbusers
        winbind use default domain = no
        template shell = /bin/false
        dns proxy = no
        cups options = raw
        netbios name = spider
        server string = Spider
        idmap uid = 16777216-33554431
        password server = None
        path = /shared/public
        workgroup =

        ; setup the Samba acts as PDC
        os level = 64
        preferred master = yes
        domain master = yes
        local master = yes
        comment = public share
        printcap name = /etc/printcap

        security = user
        encrypt passwords = yes
        domain logons = yes
        domain admin users = root

        logon path = \\%N\profiles\%u

        logon drive = N:
        logon home = \\\%u

        logon script = logon.cmd

        max log size = 50

    [homes]
        comment = Home Directories
        browseable = no
        writeable = yes

    [netlogon]
        comment = Network Logon Service
        path = /home/netlogon
        readonly = yes
        write list = ntadmin

    [profiles]
        path = /home/ntprofile
        read only = no
        create mask = 0600
        directory mask = 0700

    [public]
        comment = Public share
        writeable = yes
        public = yes
        path = /shared/public

I also created a trusted computer account named winxp$ (winxp is the computer name of the Windows box) and added that account to Samba's user list.

However, when I try to join Windows to the domain and enter the root account as Domain admin, it says unknown or bad username or password?

What should I do?


saudoi 10-23-2006 11:03 PM

Btw, in my smb.conf there is an option "logon script = logon.cmd". I copied it from a sample without any idea what it does. Also, I didn't create any file named logon.cmd. So please help me understand what it is used for.

andrewdodsworth 10-24-2006 04:38 AM

The usual issues are to do with creating correct Samba users as well as linux users. Sorry if you're up to speed on this but anyway:

You have to have a linux user for every Samba user; for simplicity I keep the same names but disable logins to the linux box.
You have to create Samba users for each of these using the same name and the Windows password you want (use 'smbpasswd -a username' as root).
You also have to create a 'root' Samba user with a DIFFERENT password from its real linux one.
I also don't manually create the machine account. I have a line in the global part of smb.conf that does that automatically on successfully joining a domain - it depends on your distro but there should be an example in your docs or failing that have a look on

Once that's done then joining the domain should just need supplying 'root' and the Samba password you set up when it asks for the name and password of the Administrator with authority to join the domain.

The other gotcha is that if you already have a Samba connection to the Samba server you have to trash it first before you try to join the domain. Use the 'net use * /delete' command.

It's well worth looking at the docs on the site particularly the 'Example' one which shows about 5 or 6 different server configs from simple to really complex. The stuff on Windows Browsing is particularly informative.

The logon script = logon.cmd just tells clients to execute a script called logon.cmd which they will find in the NETLOGON share, wherever that is located. You can create it and include batch commands, e.g. for mapping network drives etc.

saudoi 10-24-2006 10:21 PM

Sorry, I don't really understand what you mean :(

From your experience, I need to create a 'root' Samba user with a DIFFERENT password from its real linux one? How can I change that 'root' Samba user password? I don't know how to manage Samba users except adding a new user with the smbpasswd command.

Btw, I discovered that the option


[root@spider ~]# testparm
Load smb config files from /etc/samba/smb.conf
Unknown parameter encountered: "domain admin group"
Ignoring unknown parameter "domain admin group"
Unknown parameter encountered: "domain admin users"
Ignoring unknown parameter "domain admin users"
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[printers]"
NOTE: Service printers is flagged unavailable.
Processing section "[public]"
Processing section "[technical]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC

Seems both options "domain admin users" and "domain admin group" are invalid :(

saudoi 10-24-2006 10:36 PM

Ah ha, I just used "smbpasswd -a root" to add user root to the Samba user list and set a new password for 'root', different from its real linux password. However, I also got the error message "bad username or password" when I entered root and the new password at the Windows prompt???

saudoi 10-25-2006 12:14 AM

Great, now I can join Winxp to my Samba PDC server.

What I did:
1. Added the root user to Samba and set a new password for it

# smbpasswd -a root
password: xxxxxx
confirm: xxxxxx

2. Then I deleted the existing machine account and re-created it

# useradd -g 100 -d /dev/null -s /bin/false -c "win xp box" -M winxp$
# passwd -l winxp$
# smbpasswd -a -m winxp

I don't know why, but I did add the add user script to the smb.conf file and it doesn't work, so I have to create the user manually

      add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u

3. Tried to join the domain from XP. I can log on. But while logging on, I got a message saying that it cannot load a profile, has to use a local profile, and will not update to the server.

andrewdodsworth 10-25-2006 05:17 AM

Good that you've got it working - the reason for the different root password is purely security - you don't want Windows to know about your real root password. Samba itself running on linux of course has to have root privileges but it restricts what the users can do by what you put in the smb.conf.

The profile message is to do with 'roaming profiles'. When set up correctly on start up and logging in the Windows machine copies a load of stuff from the netlogon share to the PC and when you logout it copies it back from the local machine to the netlogon share. You need to have a look at exactly where that netlogon share is and also where the profiles are stored. Have a look at the logs as well to see what the error messages are.
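The problems hit in this thread (parameters testparm rejects, the machine account not being created automatically, a logon script that was never written, the profile that cannot be loaded) can be checked from smb.conf before a client tries to join. The following is an added example, not code from any poster or from Samba: the sample config is constructed, the finding labels and the `netlogon_files` argument are hypothetical, and it assumes Samba's `add machine script` parameter is what creates machine accounts on join.

```python
import re

# Constructed sample modelled on the smb.conf in this thread (not the poster's file).
SAMPLE = r"""
[global]
    domain logons = yes
    domain admin users = root
    logon path = \\%N\profiles\%u
    logon script = logon.cmd
    add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
[netlogon]
    path = /home/netlogon
[public]
    writeable = yes
    public = yes
"""

def parse(text):
    """Return {section: {param: value}}; Samba ignores case and spaces in names."""
    conf, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        head = re.fullmatch(r"\[(.+)\]", line)
        if head:
            cur = conf.setdefault(head.group(1).strip().lower(), {})
        elif "=" in line and cur is not None:
            key, value = line.split("=", 1)
            cur[re.sub(r"\s+", "", key).lower()] = value.strip()
    return conf

def check_pdc(conf, netlogon_files=()):
    """netlogon_files: file names in the [netlogon] path, passed in so this runs offline."""
    g, out = conf.get("global", {}), []
    out += ["unknown-param:" + p for p in ("domainadminusers", "domainadmingroup") if p in g]
    if "addmachinescript" not in g:  # machine accounts must then be created by hand
        out.append("no-add-machine-script")
    script = g.get("logonscript")
    if script and ("netlogon" not in conf or script not in netlogon_files):
        out.append("logon-script-missing:" + script)
    share = re.match(r"\\\\[^\\]+\\([^\\]+)", g.get("logonpath", ""))
    if share and share.group(1).lower() not in conf:
        out.append("profile-share-missing:" + share.group(1))
    for name, s in conf.items():
        if s.get("public", "no").lower() == "yes" and s.get("writeable", "no").lower() == "yes":
            out.append("guest-writable-share:" + name)
    return out

if __name__ == "__main__":
    print("\n".join(check_pdc(parse(SAMPLE))))
```

The last finding is unrelated to the join failure: it flags any share that is both guest-accessible and writable, which is worth a deliberate decision on a domain controller.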

