Upgrade leaves an inoperate Administrator account [SICCESS]

Adam Tauno Williams awilliam at whitemice.org
Tue Sep 20 07:22:03 MDT 2011 

Quoting Pavel Herrmann <morpheus.ibis at gmail.com>:
> On Monday 19 of September 2011 16:03:20 Adam Tauno Williams wrote:
>> Quoting Adam Tauno Williams <awilliam at whitemice.org>:
>> > Quoting Adam Tauno Williams <awilliam at whitemice.org>:
>> >> Quoting Adam Tauno Williams <awilliam at whitemice.org>:
>> >> smbclient --version
>> >> Version 4.0.0alpha18-GIT-fa5475e
>> >> This works, with one bug.  It doesn't generate an Administrator
>> >> password (which the previous script would auto-generate one).
>> >> $ export PATH=$PATH:/opt/s4/bin:/opt/s4/sbin
>> >> $ samba-tool domain samba3upgrade --libdir=/tmp/x /tmp/x/smb.conf
>> >> ....
>> >> Server Role:           domain controller
>> >> Hostname:              BARBEL
>> >> NetBIOS Domain:        BACKBONE
>> >> DNS Domain:            micore.us
>> >> DOMAIN SID:            S-1-5-21-2037442776-**************
>> >> Admin password:        None  <<<< ????
>> >> Importing WINS database
>> >> Importing Account policy
>> >> ....
>> >> Which then leaves me puzzled how to set an administrator password.
>> >> "samba-tool domain samba3upgrade --help" doesn't mention a
>> >> parameter to predetermine one.
>> >> "samba-tool user password --username=administrator" prompts for a
>> >> password.  Entering a blank password doesn't seem to explicitly
>> >> fail but the operation fails with -
>> >> ERROR: Failed to change password : Connection to SAMR pipe of PDC
>> >> of domain 'BACKBONE' failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
>> > linux-hvej:~ # samba-tool domain samba3upgrade --libdir=/tmp/x
>> > --adminpass=somepassword /tmp/x/smb.conf
>> > Usage: samba-tool domain samba3upgrade [options] <samba3_smb_conf>
>> > samba-tool: error: no such option: --adminpass
>> I can't get to a working Administrator account.
>>   --- set the administrator password with "setpassword"
>> linux-hvej:~ # /opt/s4/sbin/samba-tool user setpassword administrator
>> New Password:
>> Changed password OK
>>   --- kinit says my password expired, and can't change it (???)
>> linux-hvej:~ # kinit administrator at MICORE.US
>> Password for administrator at MICORE.US:
>> Password expired.  You must change it now.
>> Enter new password:
>> Enter it again:
>> kinit: Password has expired while getting initial credentials4
> you can try setting passwords to never expire
> samba-tool pwsettings set --max-pwd-age=0

Bingo!

export PATH=$PATH:/opt/s4/sbin/:/opt/s4/bin/
samba-tool domain passwordsettings set --max-pwd-age=0
/opt/s4/sbin/samba-tool user setpassword administrator
kinit administrator at MICORE.US

Success;  I have Kerberos tokens in my keytab (klist)

More information about the samba-technical mailing list