[Samba] RE: Machine accounts are no longer recognized in SAMBA 3.0-20-4
Irving Carrion
icarrion at allinterior.com
Tue Dec 3 22:31:00 GMT 2002
After verifying my smb.conf file, the only thing that changed was this
"panic action" command was added. My smb.conf is attached.
All our workstations stopped working. If I change the computer name,
switch to workgroup, then try to re-join the domain under a different
computer name, it works. Do you know what .tdb file machine information
is stored in.
Also I exported all information from the pdbedit backend using pdbedit
-e to an smbpasswd format and everything looked fine. All machine
accounts were listed. So I don't think it's the passdb.tdb.
I'm really puzzled by this one.
Thanks!
IRV
-----Original Message-----
From: samba-technical-admin at lists.samba.org
[mailto:samba-technical-admin at lists.samba.org] On Behalf Of Steve
Langasek
Sent: Tuesday, December 03, 2002 5:13 PM
To: Irving Carrion
Cc: samba-technical at lists.samba.org; Eloy Paris
Subject: Re: Machine accounts are no longer recognized in SAMBA 3.0-20-4
Hi Irving,
On Tue, Dec 03, 2002 at 04:20:45PM -0500, Irving Carrion wrote:
> Yesterday we upgraded Samba to version 2.999+3.0.alpha20-4 and this
> morning NO-ONE was able to log in to the Samba PDC. I upgraded from
> 20-3. Nothing has changed in the smb.conf file.
> We are using the unstable version of Samba because this is the only
> version of SAMBA that works with our SNAP server. (Damn SNAP!. We
> should have built our own fileserver!!! ;( )
> The error message on Win2k is something to the effect of "Your
computer
> account is invalid or the password is incorrect"
> I verified (using pdbedit -lv) that the computer account is there and
> that they were not expired.
> I have a debug 10 log ready for anyone who can help me.
> Would really APPRECIATE ANY HELP anyone out there can give me!
> MORE INFORMATION:
> I reverted back to 20-3 with no success. I also restored all the old
> .tdb's with no success.
Do you also have an old copy of smb.conf you could restore, or are you
eyeballing the smb.conf to confirm that nothing has changed? Your
experience with switching back to -3 suggests that some change in the
packaging caused your smb.conf to be reconfigured incorrectly, but it's
not obvious to me what this change might have been. Can you forward
your
smb.conf file (either to this list or to the Debian BTS) for inspection?
How many workstations exhibited the "account is invalid" error? Are you
able to try re-joining the domain from one of these workstations, to see
if this corrects the error? If so, there's a question of whether your
passdb was somehow overwritten with old information (i.e., old versions
of the workstation shared secrets).
> Is there a way to disable samba looking for valid machine accounts
> temporarily so that users can log in while I try to fix this problem?
No, this is fundamental to domain logins; without a valid machine
account, there's no trust relationship between the workstation and the
PDC, and no way to securely verify the login credentials.
--
Steve Langasek
postmodern programmer
-------------- next part --------------
# Global parameters
[global]
# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d
workgroup = DOMAIN1
netbios name = SAMBA
server string = %h server (Samba %v)
security = user
encrypt passwords = true
passdb backend = smbpasswd
#passdb backend = smbpasswd unixsam
#passdb backend = smbpasswd tdbsam unixsam
guest ok = yes
null passwords = Yes
passwd program = /usr/bin/passwd %u
passwd chat debug = yes
debug level = 3
log level = 3
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *passwd:\spassword\supdated* .
non unix account range = 10000-20000
add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
name cache timeout = 0
#add user script = /usr/local/samba/bin/add_user %u
add user to group script = /usr/sbin/useradd %u %g
delete user from group script = /usr/sbin/userdel %u %g
delete group script = /usr/sbin/groupdel %g
delete user script = /etc/samba/scripts/del_user %u
add user script = /usr/sbin/useradd -g %u %u
logon script = logonscript.bat
logon path =
logon home =
logon drive =
domain logons = Yes
local master = yes
os level = 64
preferred master = True
domain master = True
#dns proxy = No
enhanced browsing = yes
wins support = Yes
printcap name = lpstat
printing = cups
use client driver = Yes
print command = lp -d%p -oraw %s; rm %s
lpq command = lpstat -o%p
lprm command = cancel %p-%j
queuepause command = disable %p
queueresume command = enable %p
show add printer wizard = yes
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = Yes
share modes = No
More information about the samba
mailing list