[Samba] net rpc vampire

John H Terpstra jht at samba.org
Thu Sep 1 22:00:31 GMT 2005


On Thursday 01 September 2005 09:26, Julian Pilfold-Bagwell wrote:
> Ok folks, here goes:
>
>
> We have an old NT4 machine that we wish to replace as the PDC on our
> network.
>
> In its place, we've got a dual Xeon box with Mandrake LE2005 and Samba
> 3.0.13-2 and I'm currently trying to draw the accounts over with vampire.
> I'm using tdbsam as a backend.
>
> I've been through several readmes and howtos and have created all the
> UNIX accounts, mapped UNIX groups to Windows groups etc. and the NT4 server
> sees it as a BDC.
>
> When I run:
>
>  net rpc getsid -S NTserver -W SCHOOL -Uuser%password      (and the
> credentials aren't the real ones there)

What account name are you using?

- John T.

>
> I get:
>
> Storing SID S-1-5-WHATEVER-THE-SID-IS for Domain SCHOOL in secrets.tdb
>
> If I then run:
>
> net rpc vampire -S NTServer -W SCHOOL -Uuser%password
>
>
> it returns "could not retrieve domain trust secret"
>
> Running smb4k I can log into the domain controller and browse all the
> shares including the admin only ones so I'm sure that that name/password
> combination is fine.
>
>
> One other thing is that I get the reply "Error domain join verification
> (reused connection)" when I run "net rpc join.... blah blah" but according
> to the nmbd log it is functioning as a BDC - Problem?
>
> Also, I can find no way of seeing whether or not the SID was copied into
> the secrets.tdb file. Is there a way?
>
> The smb.conf is as shown below:
>
>
> [global]
> workgroup = SCHOOL
> netbios name = LINUXSERVER
> server string = Samba Server %v
> log file = /var/log/samba/log.%m
> max log size = 50
> log level = 3
> hosts allow = xxx.xxx.xxx.xx, xxx.xxx.xxx.xx
> security = user
> encrypt passwords = yes
> passdb backend = tdbsam
> unix password sync = Yes
> passwd program = /usr/bin/passwd '%u'
> passwd chat = *New*UNIX*password* %n\n *Re*ype*new*UNIX*password* %n\n \
> *passwd:*all*authentication*tokens*updated*successfully*
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> remote announce = xxx.xxx.xxx.xx, xxx.xxx.xxx.xx
> domain logons = Yes
> local master = No
> domain master = No
> preferred master = No
> os level = 22
> enable privileges = yes
> name resolve order = bcast lmhost wins
> add user script = /usr/sbin/useradd -s /bin/false '%u'
> delete user script = /usr/sbin/userdel '%s'
> add user to group script = /usr/bin/gpasswd -a '%u' '%g'
> delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
> set primary group script = /usr/sbin/usermod -g '%g' '%u'
> add group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F:
> '{print $3}'
> delete group script = /usr/sbin/groupdel '%g'
> add machine script = /usr/sbin/useradd -d /dev/null -g machines -c "machine
> account" -s /bin/false %u
> logon path = \\%L\Profiles\%G
> logon script = %G.bat
> logon drive = n:
> logon home = \\xen\%u
> wins support = no
> wins server = xxx.xxx.xxx.xx
> dns proxy = no

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971
Other books in production.

