[Samba] Re-Join NT Domain after Samba Upgrade

Ben Griffith bgriffit at email.unc.edu
Wed Apr 10 10:21:02 GMT 2002


I was running samba 2.2.1a. The client was a member of an NT domain and 
did domain authentication for allowing users to connect to shares.

I upgraded to 2.2.3a. Before the install, I backed up the MACHINE.SID and 
secrets.tdb files. After installing 2.2.3a, I copied the backed up MACHINE 
and secrets files back to the proper locations. After starting 2.2.3a, I 
am no longer allowed to do domain authentication.

smbclient -L localhost -U <valid domain user>
Password: <valid user password>
session setup failed: NT_STATUS_LOGON_FAILURE

I thought that the MACHINE.SID file and the secrets.tdb file were the 
"important secret files" that the samba client and the PDC worked out when 
the client joined the domain. If these have not changed, how is the 
account now invalid? How is this any different than stopping and 
re-starting the samba server? Especially on a minor version upgrade.

All of the postings about re-joining a domain talk about having to access 
the NT PDC and delete/re-create the machine accont for my samba server. As 
I don't have that kind of access on our PDC, and our PDC admins are a 
little prickly, I would like to not hassle them.

Have I missed something, or does my samba client look different to the PDC 
now even though  ( what I thought were ) the identifying files have not 

Is deleting and re-creating the machine account the only way to fix this?

Is having to re-create the NT machine account for samba upgrades a common 


Ben Griffith
bgriffit at email.unc.edu

More information about the samba mailing list