cannot rename windows xp machine in samba4

Matthieu Patou mat at samba.org
Tue May 1 00:32:53 MDT 2012 

On 04/29/2012 12:58 AM, Vladimir Obukhov wrote:
> Hello,
> I've installed samba4 as domain controller on ubuntu 12.04 LTS
> package versions:
>
> samba4                            4.0.0~alpha18.dfsg1-4ubuntu2
> bind9                            1:9.8.1.dfsg.P1-4
> I've tuned apparmor so that there are no 'denied' messages on the logs (it
> allows bind to rw to needed dirs and mmap needed modules)
>
> both machines (ubuntu and win xp) are vmware virt machines
>
> hostnames: ubuntu and ws1
>
> ip address of the ubuntu server is 192.168.99.1
> ip address of the windows xp machine 192.168.99.101
> I used this howto for my setup
> http://wiki.samba.org/index.php/Samba4/HOWTO
>
> here are my provision script parameters:
>
> /usr/share/samba/setup/provision --realm=fsd.local --domain=FSD
> --adminpass=2UjM4kVeWC --server-role='domain controller'
> here is my smb.conf
>
> # Global parameters
> [global]
>          server role = domain controller
>          workgroup = FSD
>          realm = fsd.local
>          netbios name = UBUNTU
>          passdb backend = samba4
>          log level = all:5
> [netlogon]
>          path = /var/lib/samba/sysvol/fsd.local/scripts
>          read only = No
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = No
> log level is 5, I tried to make it 10, too much logs. But never the less I
> have level 10 logs and I was able to find error in it, thought the error
> also appear at log level 5.
>
> samba4 and bind9 are up and running
> I've joined winxp to samba4 domain just fine, added test user (using
> dsa.msc, everything was smooth) and logged in just fine
> then I've tried to rename windows xp (my computer right mouse, computer
> name, change)
> and here's where I stuck
> I've made a little research and here are my results, sorry if they are a
> bit clumsy, I'm doing this for the first time
>
> after I've joined winxp 'ws1' samba4 domain here's ldbsearch:
>
> ldbsearch -H /var/lib/samba/private/sam.ldb.d/DC\=FSD\,DC\=LOCAL.ldb cn=ws1
>
> # record 1
> dn: CN=WS1,CN=Computers,DC=fsd,DC=local
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> objectClass: computer
> cn: WS1
> instanceType: 4
> whenCreated: 20120429072823.0Z
> uSNCreated: 3723
> nTSecurityDescriptor:
>     [skipped]  IF THIS MATTERS I CAN DO FRESH INSTALL AND COPYPASTE
> name: WS1
> objectGUID: 535ca94f-a62f-4966-8c96-513c6059956c
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> objectSid: S-1-5-21-319135572-3476560769-115919443-1104
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: WS1$
> objectCategory:
> <GUID=0370df20-8e21-4077-bd8a-8e5da630da45>;CN=Computer,CN=Sch
>   ema,CN=Configuration,DC=fsd,DC=local
> sAMAccountType: 805306369
> isCriticalSystemObject: FALSE
> primaryGroupID: 515
> unicodePwd:: B8/uLgVr57O6hx4uf3Hn8w==
> ntPwdHistory:: B8/uLgVr57O6hx4uf3Hn8w==
> supplementalCredentials::
> AAAAAOQFAAAAAAAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAg
>     [skipped] IF THIS MATTERS I CAN DO FRESH INSTALL AND COPYPASTE
> pwdLastSet: 129801581030000000
> displayName: WS1$
> userAccountControl: 4096
> dNSHostName: ws1.fsd.local
> servicePrincipalName: HOST/ws1.fsd.local
> servicePrincipalName: HOST/WS1
> operatingSystem: Windows XP Professional
> operatingSystemServicePack: Service Pack 3
> operatingSystemVersion: 5.1 (2600)
> replPropertyMetaData::
> AQAAAAAAAAAcAAAAAAAAAAAAAAABAAAAl36tBQMAAABIl4kYEwnrT71
>    [skipped] IF THIS MATTERS I CAN DO FRESH INSTALL AND COPYPASTE
> whenChanged: 20120429072827.0Z
> uSNChanged: 3728
> distinguishedName: CN=WS1,CN=Computers,DC=fsd,DC=local
> then I try to rename 'ws1' to 'ws2' as I described above, I got the the
> error saying
> "cannot create file because it exists already" (I've got the error in
> russian so I've translated it)
>
> here what I got in /var/log/samba/samba.log
>
> again
> ldbsearch -H /var/lib/samba/private/sam.ldb.d/DC\=FSD\,DC\=LOCAL.ldb cn=ws1
>
> # record 1
> dn: CN=WS1,CN=Computers,DC=fsd,DC=local
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> objectClass: computer
> cn: WS1
> instanceType: 4
> whenCreated: 20120429072823.0Z
> uSNCreated: 3723
> nTSecurityDescriptor:
> O:S-1-5-21-319135572-3476560769-115919443-512G:S-1-5-21-
>      [skipped] IF THIS MATTERS I CAN DO FRESH INSTALL AND COPYPASTE
> name: WS1
> objectGUID: 535ca94f-a62f-4966-8c96-513c6059956c
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> objectSid: S-1-5-21-319135572-3476560769-115919443-1104
> accountExpires: 9223372036854775807
> logonCount: 0
> objectCategory:
> <GUID=0370df20-8e21-4077-bd8a-8e5da630da45>;CN=Computer,CN=Sch
>   ema,CN=Configuration,DC=fsd,DC=local
> sAMAccountType: 805306369
> isCriticalSystemObject: FALSE
> primaryGroupID: 515
> unicodePwd:: B8/uLgVr57O6hx4uf3Hn8w==
> ntPwdHistory:: B8/uLgVr57O6hx4uf3Hn8w==
> supplementalCredentials::
> AAAAAOQFAAAAAAAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAg
>     [skipped] IF THIS MATTERS I CAN DO FRESH INSTALL AND COPYPASTE
> pwdLastSet: 129801581030000000
> userAccountControl: 4096
> dNSHostName: ws1.fsd.local
> operatingSystem: Windows XP Professional
> operatingSystemServicePack: Service Pack 3
> operatingSystemVersion: 5.1 (2600)
> sAMAccountName: WS2$
> servicePrincipalName: HOST/ws1.fsd.local
> servicePrincipalName: HOST/WS2
> whenChanged: 20120429073855.0Z
> displayName: WS2$
> replPropertyMetaData::
> AQAAAAAAAAAcAAAAAAAAAAAAAAABAAAAl36tBQMAAABIl4kYEwnrT71
>      [skipped] IF THIS MATTERS I CAN DO FRESH INSTALL AND COPYPASTE
> uSNChanged: 3733
> distinguishedName: CN=WS1,CN=Computers,DC=fsd,DC=local
> It seems samba4 tried to change the name and then something crashed
> I've run samba_dnsupdate --verbose and got "No DNS updates needed"
The samba_dnsupdate is just for samba4 own DNS records.

> I can post /var/log/samba/samba.log somewhere if needed, but it's rather
> huge.
>
> What am I doing wrong? Please help, thanks

So now in Computer properties in XP, what's the name ?

I have the feeling that XP is sending a create when it should in fact 
send a rename, to help us it would be great to:

* leave XP from the domain
* join the domain
* stop the vm
* start a tcpdump capture (check 
https://wiki.samba.org/index.php/Capture_Packets) on the ubuntu box
* export the keytab of the domain (attention with this we have access to 
ALL the password so do it on a test domain with password that you 
_never_ use in production), check 
https://wiki.samba.org/index.php/Keytab_Extraction for the method to 
export the keytab
* start the vm
* log in with the admin, if possible note the packet number after the 
user has logged in
* rename the workstation

Send us the capture it might be helpful.

HTH, Matthieu.

-- 
Matthieu Patou
Samba Team
http://samba.org

More information about the samba-technical mailing list