Machine accounts are no longer recognized in SAMBA 3.0-20-4

Steve Langasek vorlon at
Tue Dec 3 22:14:01 GMT 2002

Hi Irving,

On Tue, Dec 03, 2002 at 04:20:45PM -0500, Irving Carrion wrote:
> Yesterday we upgraded Samba to version 2.999+3.0.alpha20-4 and this
> morning NO-ONE was able to log in to the Samba PDC.  I upgraded from
> 20-3.  Nothing has changed in the smb.conf file.

> We are using the unstable version of Samba because this is the only
> version of SAMBA that works with our SNAP server.  (Damn SNAP!.  We
> should have built our own fileserver!!! ;(   )

> The error message on Win2k is something to the effect of "Your computer
> account is invalid or the password is incorrect"  

> I verified (using pdbedit -lv) that the computer account is there and
> that they were not expired.

> I have a debug 10 log ready for anyone who can help me.   

> Would really APPRECIATE ANY HELP anyone out there can give me!

> I reverted back to 20-3 with no success.  I also restored all the old
> .tdb's with no success.

Do you also have an old copy of smb.conf you could restore, or are you
eyeballing the smb.conf to confirm that nothing has changed?  Your
experience with switching back to -3 suggests that some change in the
packaging caused your smb.conf to be reconfigured incorrectly, but it's
not obvious to me what this change might have been.  Can you forward your
smb.conf file (either to this list or to the Debian BTS) for inspection?

How many workstations exhibited the "account is invalid" error?  Are you
able to try re-joining the domain from one of these workstations, to see
if this corrects the error?  If so, there's a question of whether your
passdb was somehow overwritten with old information (i.e., old versions
of the workstation shared secrets).

> Is there a way to disable samba looking for valid machine accounts
> temporarily so that users can log in while I try to fix this problem?

No, this is fundamental to domain logins; without a valid machine
account, there's no trust relationship between the workstation and the
PDC, and no way to securely verify the login credentials.

Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the samba-technical mailing list