[Samba] w2k pro no longer trusted by 2.2.3 pdc

Rasmus Reinholdt Nielsen rasmus at narani.dk
Wed Aug 14 00:16:00 GMT 2002 

Hi

Try this line for useradd script, add user script = /usr/sbin/adduser -n -g 
100 -c %m -d /dev/null -s /bin/false %m$

Since you %u add's the username instead of the machinename.

What OS are you using?


Rasmus

At 17:47 13-08-2002 -0400, mitchbnj at excite.com wrote:

>Hi.  I am still having problems:
>Quick synopsis:
>NT workstation cannot have machine acccount successfully trusted by PDC.
>
>  ---------Here's my problem------(LONG)------------------
>
>I have several W2k Workstations, with a SAMBA 2.2.3 PDC.
>I screwed up something, and removed all of the important parts of the 
>server validation.
>  Here's the story:  OUTLAND is domain, W2k/ clients are milo  and lola
>They WERE working fine on the domain.  I did SOMETHING (??) and now I get 
>a message that says
>** Error Message  1**
>  (when I try and log on: The system cannot log you on to this domain 
> because the system computer account in its primary domain  is missing or 
> the password on that account is incorrect.
>
>++Step 1++: I tried to delete the machine accounts (milo$ and lola$) using 
>userdel and smbpasswd -x to eliminate all traces.
>++Step 2++: Tried to change out of domain, changed machine name, log in: 
>still no good, same messages.
>++Step 3++: Tried the same thing, but this time also deleted the 
>secrets.tdb file, and the MACHINE file.  Then did a smbpasswd to add  the 
>root account again. STILL same problem.
>++Step 4++: Then changed the machine name and (domain) out of the outland 
>domain. So I changed the name of the client to stevedallas, and the 
>workgroup to temp.  That change worked ok.  After this, I logged in, ok 
>(as admin), and was then able to change back to the outland domain.
>
>++Step 5++: Next logged in as workstation/administator and I added new 
>user/browse and it did see the outland domain.   Then, clicked my outland 
>domain name, and next and
>next error message  was
>** Error Message ** : The user could not be added because the following 
>error has occurred.  The trust relationship between this workstation and 
>the primary domain failed.
>
>SO I am stuck without getting any user logins (at least I can login 
>as  admin. please point me in the right direction??? thanks
>
>Step 6:  REINSTALLED WIN2k.. SAME results.
>
>Step 7:  Posted the SMB.conf, as well as the machine logs and rejects to 
>List.
>GOT No responses whatsoever.
>
>Step 8:  I am desperate..   I tried the following:
>Stopped all clients, and server.
>
>Removed SMB.conf and brought it to almost clean state.
>THEN removed smbpasswd , secrets,tdb  as well as the MACHINE file
>
>Then started up.
>
>Same series of messages.
>
>NOTE:  I deleted all comments from here for brevity (ha...)
>
>=====  NEW (still failing ) SMB.conf  file  =====
>#Mitch SMB.conf 8/13/02
>[global]
>workgroup = OUTLAND
>netbios name = OUTLANDSVR
>server string = Samba Server %v %U
>
>log file = /var/log/samba/log.%m
>
>max log size = 50
>
>hosts allow = 192.168.10.0
>hosts deny  = 68.0.0.0
>
>security = user
>encrypt passwords = yes
>smb passwd file = /etc/samba/smbpasswd
>
>unix password sync = Yes
>passwd program = /usr/bin/passwd %u
>passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
>*passwd:*all*authentication*tokens*updated*successfully*
>
>socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
>local master = yes
>os level = 66
>domain master = yes
>preferred master = yes
>domain logons = yes
>
>logon script = %m.bat
>logon script = welcome.bat
>
>logon path = \\%L\Profiles\%U
>
>; logon home = \\%L\%U\.profile
>
>add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine 
>Account' -s /bin/false -M %u
>domain admin group = root @wheel @admins mbruntel
>
>name resolve order = wins lmhosts bcast
>
>wins support = yes
>
>dns proxy = yes
>
>
>#=======Share Definitions  ============
>[homes]
>comment = Home Directories
>browseable = no
>writable = yes
>
>[netlogon]
>comment = Network Logon Service
>path = /var/lib/samba/netlogon
>read list = @family
>write list = mbruntel ntadmin @admins @family
>force group = @family
>guest ok = yes
>writable = no
>
>
>[Profiles]
>comment = samba roaming profiles  here
>path = /var/lib/samba/profiles
>browseable = yes
>guest ok = yes
>
>[mbruntel]
>comment = Mitch's Home Stuff
>path = /home/mbruntel/dosroot/realroot
>valid users = mbruntel
>writable = yes
>max connections  = 8
>browseable = yes
>
>[cbruntel]
>comment = Cheryl's Home Stuff
>path = /home/cbruntel/dosroot/realroot
>valid users = cbruntel mbruntel
>writable = yes
>max connections  = 8
>
>[software]
>comment = SW shared directory
>path = /software
>valid users = cbruntel mbruntel @family zbruntel moogirl
>writable = yes
>
>[bigfiles]
>comment = Files directory
>path = /files
>valid users = cbruntel mbruntel @family zbruntel moogirl
>writable = yes
>force group = @family
>guest ok = Yes
>read only = No
>
>[files]
>comment = Files directory
>path = /files
>valid users = cbruntel mbruntel @family zbruntel moogirl
>writable = yes
>force group = @family
>guest ok = Yes
>read only = No
>inherit permissions = Yes
>
>[mail]
>comment = Mail Home directory
>path = /var/spool/mail
>valid users = cbruntel mbruntel
>admin users = cbruntel mbruntel
>sync always = Yes
>strict sync = Yes
>writable = Yes
>force group = @family
>guest ok = Yes
>read only = No
>inherit permissions = Yes
>
>===  End of  (still failing ) SMB.conf  file  ===
>
>===Start machine log : Stevedallas:
>   (before changing to domain outland)===
>
>[2002/08/13 16:05:08, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176)
>   get_md4pw: Workstation stevedallas$: no account in domain
>[2002/08/13 16:05:15, 0] smbd/service.c:make_connection(381)
>   mbruntel logged in as admin user (root privileges)
>[2002/08/13 16:05:15, 0] smbd/service.c:make_connection(248)
>   stevedallas (192.168.10.184) couldn't find service bigfiles
>[2002/08/13 16:05:22, 0] smbd/service.c:make_connection(381)
>   mbruntel logged in as admin user (root privileges)
>[2002/08/13 16:12:06, 0] smbd/service.c:make_connection(381)
>   mbruntel logged in as admin user (root privileges)
>[2002/08/13 16:12:11, 0] smbd/service.c:make_connection(381)
>   mbruntel logged in as admin user (root privileges)
>[2002/08/13 16:13:24, 0] smbd/service.c:make_connection(381)
>   mbruntel logged in as admin user (root privileges)
>[root at mitchbnj1 samba]#
>===ENDmachine log : Stevedallas:
>   (before changing to domain outland)===
>
>
>===Start machine log : lola:
>   (after changing to domain outland)===
>
>[2002/08/13 16:05:08, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176)
>   get_md4pw: Workstation stevedallas$: no account in domain
>[2002/08/13 16:05:15, 0] smbd/service.c:make_connection(381)
>   mbruntel logged in as admin user (root privileges)
>[2002/08/13 16:05:15, 0] smbd/service.c:make_connection(248)
>   stevedallas (192.168.10.184) couldn't find service bigfiles
>[2002/08/13 16:05:22, 0] smbd/service.c:make_connection(381)
>   mbruntel logged in as admin user (root privileges)
>[2002/08/13 16:12:06, 0] smbd/service.c:make_connection(381)
>   mbruntel logged in as admin user (root privileges)
>[2002/08/13 16:12:11, 0] smbd/service.c:make_connection(381)
>   mbruntel logged in as admin user (root privileges)
>[2002/08/13 16:13:24, 0] smbd/service.c:make_connection(381)
>   mbruntel logged in as admin user (root privileges)
>
>
>***Start NMBD file ***
>
>This is Mitch's NMBD file:
>
>   Netbios nameserver version 2.2.3a started.
>   Copyright Andrew Tridgell and the Samba Team 1994-2002
>[2002/08/13 15:47:37, 0] nmbd/asyncdns.c:start_async_dns(148)
>   started asyncdns process 1381
>[2002/08/13 15:47:37, 0] libsmb/namequery.c:getlmhostsent(514)
>   getlmhostsent: too many columns in lmhosts file (obsolete syntax)
>[2002/08/13 15:47:37, 0] nmbd/nmbd_logonnames.c:add_logon_names(156)
>   add_domain_logon_names:
>   Attempting to become logon server for workgroup OUTLAND on subnet 
> 192.168.10.187
>[2002/08/13 15:47:37, 0] nmbd/nmbd_logonnames.c:add_logon_names(156)
>   add_domain_logon_names:
>   Attempting to become logon server for workgroup OUTLAND on subnet 
> UNICAST_SUBNET
>[2002/08/13 15:47:37, 0] 
>nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(339)
>   become_domain_master_browser_wins:
>   Attempting to become domain master browser on workgroup OUTLAND, subnet 
> UNICAST_SUBNET.
>[2002/08/13 15:47:37, 0] 
>nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(352)
>   become_domain_master_browser_wins: querying WINS server at IP 
> 192.168.10.187 for domain master browser name OUTLAND on workgroup OUTLAND
>[2002/08/13 15:47:37, 0] 
>nmbd/nmbd_logonnames.c:become_logon_server_success(114)
>   become_logon_server_success: Samba is now a logon server for workgroup 
> OUTLAND on subnet UNICAST_SUBNET
>[2002/08/13 15:47:37, 0] 
>nmbd/nmbd_become_dmb.c:become_domain_master_stage2(115)
>   *****
>
>   Samba server OUTLANDSVR is now a domain master browser for workgroup 
> OUTLAND on subnet UNICAST_SUBNET
>
>   *****
>[2002/08/13 15:47:37, 0] 
>nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(291)
>   become_domain_master_browser_bcast:
>   Attempting to become domain master browser on workgroup OUTLAND on 
> subnet 192.168.10.187
>[2002/08/13 15:47:37, 0] 
>nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(304)
>   become_domain_master_browser_bcast: querying subnet 192.168.10.187 for 
> domain master browser on workgroup OUTLAND
>[2002/08/13 15:47:41, 0] 
>nmbd/nmbd_logonnames.c:become_logon_server_success(114)
>   become_logon_server_success: Samba is now a logon server for workgroup 
> OUTLAND on subnet 192.168.10.187
>[2002/08/13 15:47:41, 0] 
>nmbd/nmbd_responserecordsdb.c:find_response_record(236)
>   find_response_record: response packet id 23895 received with no 
> matching record.
>[2002/08/13 15:47:41, 0] 
>nmbd/nmbd_responserecordsdb.c:find_response_record(236)
>   find_response_record: response packet id 23896 received with no 
> matching record.
>[2002/08/13 15:47:45, 0] 
>nmbd/nmbd_become_dmb.c:become_domain_master_stage2(115)
>   *****
>
>   Samba server OUTLANDSVR is now a domain master browser for workgroup 
> OUTLAND on subnet 192.168.10.187
>
>   *****
>[2002/08/13 15:48:00, 0] 
>nmbd/nmbd_become_lmb.c:become_local_master_stage2(404)
>   *****
>
>   Samba name server OUTLANDSVR is now a local master browser for 
> workgroup OUTLAND on subnet 192.168.10.187
>
>   ***** ***END of NMBD file ***
>
>*** log.smbd
>
>[2002/08/13 15:07:23.870957, 3, effective(0, 0), real(0, 0)] 
>smbd/server.c:exit_server(492)
>   Server exit (caught signal)
>[2002/08/13 15:47:36, 0] smbd/server.c:main(698)
>   smbd version 2.2.3a started.
>   Copyright Andrew Tridgell and the Samba Team 1992-2002
>[root at mitchbnj1 samba]# _[K
>
>*** log.smbd
>
>
>
>------------------------------------------------
>Join Excite! - http://www.excite.com
>The most personalized portal on the Web!
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list