[Samba] NT4 PDC Account transfer
Craig White
craigwhite at azapple.com
Thu Jan 22 16:46:46 GMT 2004
On Thu, 2004-01-22 at 06:59, Sohail Hasan wrote:
> Craig White wrote:
> > On Wed, 2004-01-21 at 22:31, Sohail Hasan wrote:
> >
> > If you are using some other backend passdb, you will need to follow
> > those directions.
> >
> > Craig
> >
> Craig,
>
> What I want to do is to make use of the /etc/samba/smbpasswd and the
> traditional unix /etc/passwd for authentication. Now to narrow down
> the problem I am first trying to make the linux system as a working
> PDC. I performed all the necessary steps required for samba PDC like
> machine account creation, user account creation in both /etc/passwd
> and smbpasswd file, when I am trying to join the domain from the WIN2K
> system it is not successful, the WIN2K is giving user account not
> correct and login credential errors and I am getting this in my log
> files:
>
> netbios connect: local=linbdc remote=shasan, name type = 0
> [2004/01/22 18:38:01, 2] lib/access.c:check_access(324)
> Allowed connection from (192.168.0.3)
> [2004/01/22 18:38:01, 2] smbd/reply.c:reply_special(93)
> netbios connect: name1=LINBDC name2=SHASAN
> [2004/01/22 18:38:01, 2] smbd/reply.c:reply_special(100)
> netbios connect: local=linbdc remote=shasan, name type = 0
>
> and in log.nmbd
>
> process_logon_packet: Logon from 192.168.0.3: code = 0x12
> [2004/01/22 18:39:03, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
> process_logon_packet: Logon from 192.168.0.3: code = 0x12
> [2004/01/22 18:39:03, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
> process_logon_packet: Logon from 192.168.0.3: code = 0x12
> [2004/01/22 18:39:03, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
> process_logon_packet: Logon from 192.168.0.3: code = 0x7
>
> However I can access the system as well as the defined shares on the
> linux system from the Explorer.
---
Seems to me the following steps should be (should have been) taken...

stop smbd / nmbd daemons

set up smb.conf to be like a BDC

    domain logons = yes
    domain master = yes
    preferred master = no
    workgroup = NAME_OF_DOMAIN
    security type = domain

join the machine to the domain and pull the accounts

    net rpc join -S DOMAIN_PDC -W DOMAIN -U Administrator%administrator_password
    #join machine to domain

    net rpc vampire -S DOMAIN_PDC -U Administrator%administrator_password
    #to suck users/groups/machine account info from PDC

turn off (or switch off netlogon service on PDC)

change smb.conf

    preferred master = yes
    security type = user

kill off any smbd/nmbd daemons that may have been launched by net
join/net vampire process and start them

System should be a domain controller with all the accounts BUT...

That still doesn't answer the question of why the user accounts didn't
get added when the vampire script ran. That depends upon whatever script
you are using in smb.conf to add users. Before you do any of the above,
make sure that you can add a new user with smbpasswd...

    smbpasswd -a testuser

if this works, the above steps to get net rpc vampire should work

if smbpasswd -a testuser fails, then you must concentrate on fixing that
first.
Craig
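
The two smb.conf stages listed in the message above can be checked before the daemons are restarted. The following is an added example, not part of the original thread. It assumes the "security type" lines correspond to the smb.conf parameter `security` and that the user-creation script mentioned is the `add user script` parameter; the sample input is constructed.

```python
# Added example (constructed): check an smb.conf against the two stages above.
STAGES = {  # values taken from the message; "security type" mapped to `security`
    "vampire": {"domain logons": "yes", "domain master": "yes",
                "preferred master": "no", "security": "domain"},
    "pdc": {"domain logons": "yes", "domain master": "yes",
            "preferred master": "yes", "security": "user"},
}
BOOL = {"yes": "yes", "true": "yes", "1": "yes",
        "no": "no", "false": "no", "0": "no"}

def norm_key(key):
    # Samba ignores case and whitespace in parameter names.
    return "".join(key.lower().split())

def read_global(text):
    """Return the [global] parameters as {normalized name: raw value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm_key(key)] = value.strip()
    return params

def check_stage(text, stage):
    """List the settings that do not match the given stage."""
    have, problems = read_global(text), []
    for key, want in STAGES[stage].items():
        got = have.get(norm_key(key))
        if got is None:
            problems.append(f"{key}: not set explicitly (want {want})")
        elif BOOL.get(got.lower(), got.lower()) != want:
            problems.append(f"{key} = {got} (want {want})")
    if "securitytype" in have:
        problems.append("security type: not a parameter name, use 'security'")
    if not have.get("workgroup"):
        problems.append("workgroup: not set")
    if stage == "vampire" and not have.get("adduserscript"):
        problems.append("add user script: not set")
    return problems

# Constructed sample input, not taken from the thread.
SAMPLE = "[global]\n  workgroup = NAME_OF_DOMAIN\n  Domain Logons = Yes\n" \
         "  domain master = true\n  preferred master = yes\n  security type = domain\n"
if __name__ == "__main__":
    print("\n".join(check_stage(SAMPLE, "vampire")))
```

Run `check_stage` with "vampire" before the join and with "pdc" after the second smb.conf change; an empty list means the [global] section matches that stage.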