DANGER WILL ROBINSON
I am creating this as I go, so it will not be complete and working until I remove this message. You have been warned.
The Beginnings of the Samba As PDC Wiki - excuse the bad layout etc while I get everything sorted properly.
Had to do:
In order for a machine to join a domain controlled by a Samba server, the user given from the workstation must have root privileges on the PDC, i.e. user root will do.
If you want to join the DOMAIN "WLUG", do not have the workstation already in the WORKGROUP "WLUG" as things do not work correctly. To get around this, change the WORKGROUP of the workstation to something that is not "WLUG".
Reboot (ok, Windows. Cool huh?)
Change from WORKGROUP to DOMAIN and put in "WLUG". Apply. You should be prompted for a username/password. This is where you MUST give a user that has root privileges on the Linux PDC, i.e. root.
All things going well, this will create the machine account in the smbpasswd file. Without this "trust", the machine cannot log into the domain.
You will have created user accounts on the Linux PDC - yes, real accounts, although I guess the shell can be /bin/false or /dev/null - shouldn't matter.
This will create the user account - one that they can't login directly to a shell. Create a password, then create their Samba password.
Now that this is done, tweak your left nipple, touch your right knee, and pray to Allah, boom shanka, working Samba PDC.
O.k. just did this on a Windows 2000 machine, and had the problem that after joining the domain I could still not log on and got "Initialization failed because the requested service redirector could not be started." in the win2k event log. After some chatting on IRC it has been revealed to me that you will need a further reboot to get the thing working. Which for me seemed to fix it. There is a related TechNet article http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q262348&
Note that this was performed using WinXP Pro and a Samba 3.0 PDC with LDAP backend. YMMV. Also note that you cannot get WinXP Home to join a domain. At all. Ever.
IBM have some information on this.
You follow the normal procedure for joining a NT-class machine to the domain (i.e. create machine accounts etc). However, before you try to join the XP machine to the domain, do the following:
And voila, it all works.
XP handles domain stuff differently to the previous OSs. Amongst other things, it always wants to synchronise offline files, which is a pain.
Also, be careful when you log in with a user who has 'admin user' with XP. Most likely it will try and create the profiles, which will be owned by root. XP will barf and complain. Works fine with NT4, though, don't know about 2k. So either chown stuff to the right user, or set up some sticky permission thingies somewhere. Things should magically come right.
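One way to find the root-owned profile files mentioned above before chowning them, as an added example that is not part of the original wiki page. It assumes one profile directory per user, named after the Unix account, under a directory you pass in; the path and the user "alice" in the usage comment are hypothetical.

```sh
#!/bin/sh
# Added example: list roaming-profile files not owned by the profile's user.
# Assumption: profiles sit in one directory with a subdirectory per user,
# named exactly after the Unix account (e.g. /home/profiles/alice).

# audit_profiles DIR
#   prints  NOACCOUNT<TAB>dir          when no Unix account matches the name
#           MISOWNED<TAB>user<TAB>path when a file belongs to someone else
#   returns 0 = clean, 1 = findings, 2 = DIR is not a directory
audit_profiles() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    found=0
    for dir in "$root"/*; do
        # skip plain files and symlinks (never follow a symlinked profile)
        { [ -d "$dir" ] && [ ! -L "$dir" ]; } || continue
        user=${dir##*/}
        if ! id -u -- "$user" >/dev/null 2>&1; then
            printf 'NOACCOUNT\t%s\n' "$dir"
            found=1
            continue
        fi
        # find does not follow symlinks by default, so this stays in the tree
        bad=$(find "$dir" ! -user "$user" -print)
        if [ -n "$bad" ]; then
            printf '%s\n' "$bad" | while IFS= read -r path; do
                printf 'MISOWNED\t%s\t%s\n' "$user" "$path"
            done
            found=1
        fi
    done
    return "$found"
}

# Usage (hypothetical path): sh audit_profiles.sh /home/profiles
# Review the output, then fix a profile with: chown -R alice /home/profiles/alice
if [ "$#" -gt 0 ]; then
    audit_profiles "$1"
fi
```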
If when joining the machine to the domain you receive the error "The RPC Server is Unavailable" try setting a static IP address on the XP machine then try joining again. This often seems to be related to bad WINS settings in DHCP, from reading things in the MS KB, Usenet, etc. In my case, my DHCP server was sending out H-node (8) for the NetBIOS node type. Changing it to P-node (2) seemed to make this "RPC Server" error go away, as did M-node (4).
--- http://home.t-online.de/home/c.ehbrecht/WebWiki/SambaPdcServer.html might have some useful hints in it too.