[Samba] Cannot find Primary Domain - Please help, rather urgent

Andrew Bartlett abartlet at pcug.org.au
Sat May 11 18:25:01 GMT 2002


John Biggs wrote:
> 
> Hello,
> 
> I'm getting a persistent error at login (effectively locking me out) on
> two Win2k machines that were once assigned to a domain on my windows
> network (win2k server was once the PDC, just changed to Samba)
> 
>         Cannot log you into the primary because the system's computer account
> is missing or the password was incorrect.
> 
> The old domain was:
> yrbmag.yellowrat.com
> 
> and I'd like every just to be in workgroup YRBMAG
> 
> My configure file follows. What am I doing wrong? Is there a way to fake
> the domain so I can login and switch to the workgroup? Luckily enough,
> the previous admin here at the shop forgot the admin passwords for both
> machines, rendering my job even harder. Super!

You cannot just 'swap' an NT domain for a Samba domain.  Currently,
this is only theoretically possible with Samba 3.0, and ONLY IF you copy
the domain SID, all the users and their passwords across into LDAP,
including their RIDs.  Groups would also need to be correctly mapped.

This is because the machine is attempting to find a domain controller
with both the correct SID, and that knows the same machine account
password.  This only really occurs in a PDC->BDC setup (which is what
Samba would be, a promoted BDC).

The next best option is to add a new domain, and join the machines to
that domain.  This is not an easy option in your case, having lost the
local admin passwords.

Your only options are to either restore the Win2k PDC, or break into the
clients.  

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
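
The SID and RID requirement described in the reply above, as an added example that is not part of the original post or of Samba's code: a check that every account keeps the same domain SID and RID after being copied into the new directory. The account names and SIDs are constructed sample data, and the machine account password, the other half of the requirement, cannot be checked this way.

```python
# Added example: confirm migrated accounts keep their domain SID and RID.
# Every name and SID below is constructed sample data.

def split_sid(sid):
    """Split 'S-1-5-21-a-b-c-RID' into (domain_sid, rid)."""
    parts = sid.strip().upper().split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError("malformed SID: %r" % sid)
    return "-".join(parts[:-1]), int(parts[-1])

def check_migration(old_accounts, new_accounts):
    """Return [(account, problem)] for accounts whose SID did not survive.

    Both arguments map account name -> full SID string. Names are compared
    case-insensitively; machine accounts end in '$'.
    """
    new = {name.lower(): sid for name, sid in new_accounts.items()}
    problems = []
    for name, old_sid in sorted(old_accounts.items()):
        new_sid = new.get(name.lower())
        if new_sid is None:
            problems.append((name, "missing in new directory"))
            continue
        old_dom, old_rid = split_sid(old_sid)
        new_dom, new_rid = split_sid(new_sid)
        if new_dom != old_dom:
            # A client joined to the old domain will not accept this controller.
            problems.append((name, "domain SID changed"))
        elif new_rid != old_rid:
            problems.append((name, "RID changed %d -> %d" % (old_rid, new_rid)))
    return problems

OLD_DOM = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed
OLD = {
    "Administrator": OLD_DOM + "-500",
    "jbiggs": OLD_DOM + "-1001",
    "WS01$": OLD_DOM + "-1005",
    "WS02$": OLD_DOM + "-1006",
}
NEW = {
    "administrator": OLD_DOM + "-500",                          # preserved
    "jbiggs": OLD_DOM + "-3002",                                # new RID assigned
    "WS01$": "S-1-5-21-4444444444-5555555555-6666666666-1005",  # new domain SID
}                                                               # WS02$ not copied

if __name__ == "__main__":
    for account, problem in check_migration(OLD, NEW):
        print("%-14s %s" % (account, problem))
```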



