[Samba] Renamed Samba Domain, now machine accounts fail

Zack Lawson zack at interactivate.com
Fri Oct 1 00:13:59 GMT 2004


Hello Everyone,

Situation:
I have been testing Samba-3.07 for its NT4 domain functionality so that
I can migrate from Samba-2.2. I had set up the Samba domain and
everything was working quite well. I had initially been working with a
domain called "TEST". Now that I am finished with my initial testing, I
wanted to rename the domain to something I would be able to keep. After
changing "workgroup = test" to "workgroup = interact", many problems
followed.

Obviously doing this causes problems with the SID, and any machine
accounts that are attached to this domain. I have since removed all
system accounts, but I cannot log in to the domain. When trying to add
a machine to the domain, everything seems to be working. The machine
account gets added to the passwd file and the smbpasswd file, and the
workstation reports that it joined the domain successfully. After a
reboot, when trying to log in, I get the error "The system cannot log
you on to this domain because the system's computer account in its
primary domain is missing or the password on that account is correct".
I have monitored what happens when the workstation adds itself to the
domain, and the machine account is getting added at that time.

Do I have a problem with my SID? I don't have an existing SID that I
care about, so if I want to reset the SID to something else ... what
should I set it to?

System Info:
FreeBSD-4.9 using NIS
Samba-3.0.7 (from source, not ports)


smb.conf
[global]

   # Main Server Options
   netbios name = zeus
   workgroup = interact

   domain master = yes
   local master = yes
   preferred master = yes
   os level = 240
   dns proxy = no

   security = user
   passdb backend = smbpasswd
   root = administrator
   restrict anonymous = 2
   domain logons = yes
   logon path = \\%L\profiles\%U
   logon script = %U.bat
   logon drive = U:
   root preexec = /usr/local/scripts/genlogon.pl %U %G %L

   # Script Options
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*password*%n\n*Retype*New*Password*%n\n

   add user script = /usr/sbin/pw useradd %u -c %u -d /u1/%u -g 200 -m -w no -s /bin/date -Y
   add group script = /usr/sbin/pw groupadd %g -Y
   add machine script = /usr/sbin/pw useradd %u -c workstation -d /dev/null -g 150 -s /bin/false -Y
   delete group script = /usr/sbin/pw groupdel %g -Y

   # TODO add wrapper to remove nis & samba passwd
;  delete user script = /usr/sbin/pw userdel %u -Y
;  delete user script = /usr/local/samba/sbin/smbpasswd -x %u
;  add user to group script?
;  delete user from group script?

   server string = Zeus - PDC
   interfaces = 10.10.8.28
   hosts allow = 127. 10.10.8.
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   log file = /var/log/samba/log.%m
   max log size = 50

   time server = yes

   load printers = no
;   printcap name = /etc/printcap
;   printing = cups

#============================ Share Definitions ==============================

[netlogon]
        path = /STORAGE/netlogon
        writable = no
        browsable = no
        write list = @domainadmin @wheel

[profiles]
        path = /STORAGE/ntprofiles
        read only = no
        browseable = no
        create mask = 0600
        directory mask = 0700



Any help would be greatly appreciated.

-- 
Zack Lawson
Network Administrator @ Inter at ctivate, Inc.
www.interactivate.com