Upgrade leaves an inoperate Administrator account [Was: Upgrade from S3 to a Samba4 DC]

Pavel Herrmann morpheus.ibis at gmail.com
Mon Sep 19 14:20:39 MDT 2011


On Monday 19 of September 2011 16:03:20 Adam Tauno Williams wrote:
> Quoting Adam Tauno Williams <awilliam at whitemice.org>:
> > Quoting Adam Tauno Williams <awilliam at whitemice.org>:
> >> Quoting Adam Tauno Williams <awilliam at whitemice.org>:
> >>> Quoting Adam Tauno Williams <awilliam at whitemice.org>
> >>> 
> >>>> Quoting Andrew Bartlett <abartlet at samba.org>:
> >>>>> The command has also been renamed in preparation for the Samba
> >>>>> 4.0 alpha 17 release, it is now 'samba domain samba3upgrade'.
> >>>> 
> >>>> I'm puzzled by how to read that.  Does that mean I use the
> >>>> "samba" program to invoke the upgrade?  After a git pull the
> >>>> previous upgrade script is gone;  but the syntax to get the same
> >>>> functionality doesn't seem obvious.
> >>>> /opt/s4/sbin/samba domain samba3upgrade --help
> >>>> doesn't provide any insight.
> >>> 
> >>> Ah ha!  You meant "samba-tool domain samba3upgrade"
> >> 
> >> smbclient --version
> >> Version 4.0.0alpha18-GIT-fa5475e
> >> This works, with one bug.  It doesn't generate an Administrator
> >> password (which the previous script would auto-generate one).
> >> $ export PATH=$PATH:/opt/s4/bin:/opt/s4/sbin
> >> $ samba-tool domain samba3upgrade --libdir=/tmp/x /tmp/x/smb.conf
> >> ....
> >> Server Role:           domain controller
> >> Hostname:              BARBEL
> >> NetBIOS Domain:        BACKBONE
> >> DNS Domain:            micore.us
> >> DOMAIN SID:            S-1-5-21-2037442776-**************
> >> Admin password:        None  <<<< ????
> >> Importing WINS database
> >> Importing Account policy
> >> ....
> >> Which then leaves me puzzled how to set an administrator password.
> >> "samba-tool domain samba3upgrade --help" doesn't mention a
> >> parameter to predetermine one.
> >> "samba-tool user password --username=administrator" prompts for a
> >> password.  Entering a blank password doesn't seem to explicitly
> >> fail but the operation fails with -
> >> ERROR: Failed to change password : Connection to SAMR pipe of PDC
> >> of domain 'BACKBONE' failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
> > 
> > linux-hvej:~ # samba-tool domain samba3upgrade --libdir=/tmp/x
> > --adminpass=somepassword /tmp/x/smb.conf
> > Usage: samba-tool domain samba3upgrade [options] <samba3_smb_conf>
> > 
> > samba-tool: error: no such option: --adminpass
> 
> I can't get to a working Administrator account.
> 
>   --- set the administrator password with "setpassword"
> 
> linux-hvej:~ # /opt/s4/sbin/samba-tool user setpassword administrator
> New Password:
> Changed password OK
> 
>   --- kinit says my password expired, and can't change it (???)
> 
> linux-hvej:~ # kinit administrator at MICORE.US
> Password for administrator at MICORE.US:
> Password expired.  You must change it now.
> Enter new password:
> Enter it again:
> kinit: Password has expired while getting initial credentials4

you can try setting passwords to never expire

samba-tool pwsettings set --max-pwd-age=0




More information about the samba-technical mailing list