/ max / comp / Samba as PDC /

/ Markus Amersdorfer:home / university / about:me /

0. Abstract

How to join a Windows 2000 or Windows XP client to a Samba-PDC controlled domain (checked with Debian Woody's Samba 2.2.3a and Windows 2000 SP3 as well as Windows XP Professional SP1):

1. Windows 2000 or Windows XP client

Give the machine the name it later shall have when joined to the domain, for example XE3.
"Join" a normal workgroup, e.g. WORKGROUP (and thus also leave the domain if already joined to one).
Windows XP client: Run the registry patch WinXP_SignOrSeal.reg.
Reboot.

2. Linux (Debian Woody, Samba 2.2.3a)

  useradd -d /dev/null -c "XE3 account" -s /bin/false xe3$
  passwd -l xe3$
  smbpasswd -a -m xe3
  smbpasswd root  [only necessary if you don't know a possibly already set password]
    (for security reasons, give the samba-user root a
     different password than the linux admin user root has.)
    (if the samba-user "root" does not exist yet, you will get an error
     message after entering the password. just create the user by
     entering "smbpasswd -a root" instead of "smbpasswd root".)

Mind the $ in the first two commands, but not in the third!
Also, before "smbpasswd"-adding the machine account, make sure, there isn't already an entry with the same name in the smbpasswd-file (for example from a previously joined machine which had the same name).
Here is my (shortened) smb.conf.

3. Windows 2000 or Windows XP client

System Properties -- Network Identification -- Properties
(o) Domain: LINUX -- [or whatever your domain is called]
< OK >
User root -- [password from above's Samba-root-user]
After about a minute: "Welcome to the Domain"
Reboot.

You can log in with a Samba user now (perhaps you need to create one previously, e.g. "smbpasswd -a max") and LINUX as the domain.

4. Win2k- or XP-client providing shares too

According to Linux New Media's Linux Magazin, edition 2/2003, article King of the Castle, section "Kollegen sind herzlich willkommen", it is vital to deactivate the checkbox "Primäres DNS-Suffix bei Domänenmitgliedschaftsänderung ändern" as there are no Active Directories within Samba-environments.
This checkbox can be reached via "Systemeigenschaften -- Identifikation -- Eigenschaften -- Änderung der Benutzerinformation -- Erweitert -- DNS-Suffix und NetBIOS-Computername". after closing the window, act "as usual" within the window "Änderungen der Benutzerinformation".

99. Add-ons and hints

After step 1, make sure you have a working network and basically can access the server's shares from the Win2k client with a given user (e.g. "max" or "olaf").
The domain name should consist of an odd number of letters (such as LINUX does). This is not necessarily important, anyway, there are people who had problems with an even number. :)
root of course must not be in the list of "invalid users" in smb.conf when joining the domain.
I had some problems with a specific smb.conf not being able to join the domain. I didn't really figure out, what the faulty option or configuration exactly was, but it seems that a specified "wins server = xxx.xxx.xxx.xxx" in smb.conf which the Win2k-client did _not_ use was responsible. Commenting the "wins server" entry seemed to do the trick.
Here's the Unofficial Samba HOWTO by David Lechnyr. Especially section "5.3 Windows XP Oddities" helps to get rid of annoying Event Viewer notifications.