[Samba] Machine accounts by migrating from smbpasswd to ldapsam

Tomas Lohr lohr at moser-glass.com
Mon Nov 1 11:15:51 GMT 2004


Hi all,

I'm wondering about machine accounts (WinXP) when migrating from 
Samba 2.2.8 with the authentication backend /etc/smbpasswd to Samba 3.0.4 
with ldapsam.

Is it possible just to take the NT hash from smbpasswd and paste it into 
the LDAP record as sambaNTPassword?

I'm not able to log in from machine vs3 to the new domain. My 
configuration files and log files follow. The Samba SID is the same 
on the old server and on the new server.

How do I transport machine accounts from the old backend to the new 
one without reconnecting machines to the new domain? Do you know where 
the problem is?

Thanks for your help
Tomas Lohr



The record from /etc/smbpasswd looks like:

vs3$:501:F74786067472.....3E527018D189760:382721F51C7C.....C9C1E9A81B5B145:[W           ]:LCT-416E659B:

The specific record from ldap looks like:

hp3:/ # ldapsearch -x -D "cn=Manager,dc=moser-glass,dc=com" -W -b 'dc=moser-glass,dc=com' 'cn=vs3$'

Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=moser-glass,dc=com> with scope sub
# filter: cn=vs3$
# requesting: ALL
#

# VS3$, Computers, moser-glass.com
dn: uid=VS3$,ou=Computers,dc=moser-glass,dc=com
gidNumber: 513
homeDirectory: /dev/null
loginShell: /bin/false
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 0
sambaSID: S-1-5-21-1065381148-2072401369-4150041673-3180
sambaPrimaryGroupSID: S-1-5-21-1065381148-2072401369-4150041673-553
uidNumber: 501
sambaAcctFlags: [W           ]
cn: vs3$
sn: vs3$
uid: vs3$
description: Computer VS3
sambaNTPassword: 382721F51C7C.....C9C1E9A81B5B145
sambaLMPassword: F74786067472.....3E527018D189760

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


The samba log /var/log/samba/log.vs3 writes:

[2004/10/29 18:09:47, 2] passdb/pdb_ldap.c:init_sam_from_ldap(483)
  init_sam_from_ldap: Entry found for user: vs3$
[2004/10/29 18:09:47, 0] rpc_server/srv_netlog_nt.c:get_md4pw(218)
  get_md4pw: Workstation VS3$: no account in domain
[2004/10/29 18:09:47, 2] passdb/pdb_ldap.c:init_sam_from_ldap(483)
  init_sam_from_ldap: Entry found for user: vs3$
[2004/10/29 18:09:47, 0] rpc_server/srv_netlog_nt.c:get_md4pw(218)
  get_md4pw: Workstation VS3$: no account in domain
[2004/10/29 18:09:58, 2] smbd/server.c:exit_server(568)
  Closing connections


Important part of new /etc/samba/smb.conf:

[global]
        server string = hp3
        netbios name = HP3
        workgroup = MOSERAS
        domain master = Yes
        preferred master = Yes
        domain logons = Yes
        dos charset = 852
        unix charset = ISO-8859-2
        os level = 99

        time server = Yes
        wins support = yes
        name resolve order = wins lmhosts bcast host
        max log size = 1000
        log file = /var/log/samba/log.%m
        log level = 2
        syslog = 0
        lanman auth = Yes
        map acl inherit = Yes
        null passwords = No
        interfaces = eth0
        encrypt passwords = true
        winbind use default domain = Yes
        passdb backend = ldapsam:ldap://localhost
        min password length = 5

        ldap admin dn = "cn=Manager,dc=moser-glass,dc=com"
        ldap delete dn = No
        ldap suffix = dc=moser-glass,dc=com
        ldap machine suffix = ou=Computers
        ldap group suffix = ou=Groups
        ldap user suffix = ou=People
        ldap passwd sync = Yes
        ldap idmap suffix = ou=Idmap
        pam password change = No
        idmap gid = 10000-20000
        idmap uid = 10000-20000
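
Added example, not part of the original post: a Python check that parses a Samba 2.2 smbpasswd record and compares it field by field with the migrated sambaSamAccount entry, returning the attributes that differ. The two hash values in the sample are constructed placeholders (the post elides the real ones), and the function names are this example's own.

```python
import re

# smbpasswd layout: name:uid:LM hash:NT hash:[flags]:LCT-<hex seconds>:
RECORD = re.compile(r"^([^:]+):(\d+):([^:]{32}):([^:]{32}):\[([^\]]*)\]:LCT-([0-9A-Fa-f]{8}):")

def parse_smbpasswd(line):
    # Return the record as the LDAP attribute values it should map to.
    m = RECORD.match(line.strip())
    if not m:
        raise ValueError("not a well-formed smbpasswd record")
    name, uid, lm, nt, flags, lct = m.groups()
    return {"uid": name.lower(), "uidNumber": uid, "sambaLMPassword": lm.upper(),
            "sambaNTPassword": nt.upper(), "sambaAcctFlags": flags.strip(),
            "sambaPwdLastSet": str(int(lct, 16))}  # LCT is hex epoch seconds

def parse_ldif(text):
    # First value of each attribute in one ldapsearch LDIF entry.
    attrs = {}
    for line in text.splitlines():
        if line.startswith("#") or ": " not in line:
            continue
        key, value = line.split(": ", 1)
        attrs.setdefault(key, value.strip())
    return attrs

def differing_fields(smbpasswd_line, ldif_text):
    # Names of LDAP attributes that do not match the smbpasswd record.
    have = parse_ldif(ldif_text)
    diffs = []
    for key, expected in parse_smbpasswd(smbpasswd_line).items():
        actual = have.get(key, "")
        if key == "sambaAcctFlags":
            actual = actual.strip("[] ")      # compare flag letters only
        elif key.endswith("Password"):
            actual = actual.upper()           # hex case is not significant
        elif key == "uid":
            actual = actual.lower()
        if actual != expected:
            diffs.append(key)
    return diffs

# Constructed sample: name, uid, flags and LCT follow the post; hashes are placeholders.
SAMPLE_SMBPASSWD = ("vs3$:501:0123456789ABCDEF0123456789ABCDEF:"
                    "FEDCBA9876543210FEDCBA9876543210:[W           ]:LCT-416E659B:")
SAMPLE_LDIF = """uidNumber: 501
uid: vs3$
sambaAcctFlags: [W           ]
sambaPwdLastSet: 0
sambaNTPassword: FEDCBA9876543210FEDCBA9876543210
sambaLMPassword: 0123456789ABCDEF0123456789ABCDEF
"""
```

Calling `differing_fields(SAMPLE_SMBPASSWD, SAMPLE_LDIF)` returns `['sambaPwdLastSet']`: as in the records above, the LDAP entry carries 0 where smbpasswd carries the LCT timestamp.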




