Samba as PDC not working [SOLVED]

[Cottonee]

Hello all,
I have a problem of setting SAMBA as "Primary Domain Controller" and want XP client to join into samba domain. The problem is, after SAMBA running, XP cannot join(change from workgroup to domain) into SAMBA domain name. The error output was "A domain controller for the domain school could not be contacted".However, If I clicked in My Network Places's icon I can see SAMBA server (school) in their and also can get inside by put username as root with password into login dialog box. Then I can also edit or create file in root home driectory.

My SAMBA server is 192.168.0.5
netbios name = solar
domain = school

Here is my smb.conf

[adaptr]

At this time, Samba can not yet emulate a true AD domain controller or DC; the best you're going to get is a PDC for an NT LANMAN network or a member server of an AD domain.
Since XP (or 2000) can't connect to a PDC as domain controller, this will not work.
You can, however, use the Samba server as a regular workgroup server for Win2K/XP machines.
You'll need to disable the PDC stuff and NOT log onto the "domain" with the XP machines - you don't actually have a real AD domain.
Just make the XP machine a member of the workgroup.

[Cottonee]

adaptr,
That what I am going to setup(SAMBA PDC). A domain(Linux Samba) for windows client(98 and XP) to share file and printer. Workgroup is not I want.
Thanks for help

-Nat

[adaptr]

I understand that, and I'm telling you that you can't - not for Windows XP.
For windows9x you can emulate a PDC and log on to the domain and even have roaming profiles and all sorts of goodness, but for a Win2K or WinXP client, you have to run a real DC to be able to log on to the domain that the DC hosts.
An NT/Lanman domain is not the same as an AD domain - far from it.
So, if you have to have both win98 and winxp clients on this network, you have a few choices:
1. use only workgroup networking for all machines, both 98 and xp can do that fine with Samba
2. use domain logons for win98 and workgroup networking for XP, as long as there are NO "real" WIn2K DC's on the network this will work too;
3. Run a real DC, including paying for all the clients and the rest of the M$ brouhaha... probably not an option

Maybe I'd better try to explain a bit further:
Even though you may run Samba as a PDC for any Win9x clients, this does not mean that you will then have a domain that you can log on to with any 2K/XP clients - you can't, they will only see it as a workgroup.

[Cottonee]

I think I getting confuse now, adaptr. According to the book "Using SAMBA" from O'Reilly http://us1.samba.org/samba/docs/using_samba/ch04.html
on Chapter 4 Windows NT domain. They said SAMBA can be a PDC and offer domain login for WinALL (except XP home edition). So, XP client can join SAMBA (Basically NT domain).

See figure 4-10 and 4-11. My XP's error message come up after I click OK button in Computer Name Change page as figure 4-10.

correct me if I am wrong.

[adaptr]

No, you're not wrong, as such, it's just that there is a huge difference between logging on to a WIn NT domain and logging on to an AD domain.

But I do beg your pardon, as I hadn't checked the docs for Samba for some time now, and this current info is much better than what I had at the time (years ago).

So, assuming that you've followed that chapter, did you enter the root username and (different) password as suggested?

Maybe XP has the option either to support or not support NT-style logins?
(the servers do have this option)

Do double-double check all the smb.conf settings - I know, sounds stupid, but there are SO many things that can go wrong here...

I really should look into this myself again sometime - it seems to have improved tremendously!

[Cottonee]

Yep, I did everything according to that chapter. But haven't got domain login's dialog box but got an error message instead. And I found out that XP client tried to contact SAMBA at port 137 or 138 for Domain login BUT there are no services running on those ports. This might be the reason why XP cannot found or join PDC.

anyone know?... please help...

[Crimson Rider]

I know. I have had a similair problem for the XP clients in the Samba PDC I am running.

The solution is often suprisingly simple, first off, IBM has an excellent tutorial on using Samab as PDC, check here :

http://www-106.ibm.com/developerworks/eserver/tutorials/samba/

Second off, log in to your Windows XP box, and search the registry for the following

RequireSignOrSeal
SignOrSeal

Set all these keys to 0 and your XP boxes should be able to log on to the domain, do note the you need WinXP Pro to be able to use domains.
_________________
Code, justify, code - Pitr Dubovich

[kdillen]

I know that XP is working great with samba. And I have seen here people who say it doesn't work you can be sure you can get it to work.

I have also seen that you must disable the signorseal in windows XP. But what I am missing is one question.

Have you created the system accounts in your passwd ? Because they are not needed for Win9x but for NT, W2000 and XP Pro they are needed. As long that they don't excist you cannot add your system to your Samba Domain.

[Cottonee]

Yep, I created all root and machine account. That why I can made it work under Mandrake 9.1. And I did the same thing with Gentoo but it doesn't. It keep say that "Domain Controller could not be contacted". It seem like it cannot found PDC in the network at all. But I can browse into "My Network Place" and see my SAMBA server icon in their but cannot join into domain. Any idea?

Update: I also edit XP registry as adviced in SAMBA tutorial.

[ytak]

Hi!
Maybe it's not much of a help but right now I'm fighting with the same problems.

I just found out that the script (add user script parm. in smb.conf) doesn't work properly. Thus if you insert a user with the corresponding maschine-name into the /etc/passwd - file manually smbd knows how to handle it and winXPPRO can join the domain