[Samba] Renamed Samba Domain, now machine accounts fail
Zack Lawson
zack at interactivate.com
Fri Oct 1 00:13:59 GMT 2004
Hello Everyone,
Situation:
I have been testing Samba-3.07 for its NT4 domain functionality so that
I can migrate from Samba-2.2. I had set up the Samba domain and
everything was working quite well. I had initially been working with a
domain called "TEST". Now that I am finished with my initial testing, I
wanted to rename the domain to something I would be able to keep. After
changing "workgroup = test" to "workgroup = interact", many problems
followed.
Obviously doing this causes problems with the SID, and any machine
accounts that are attached to this domain. I have since removed all
system accounts, but I cannot log in to the domain. When trying to add
a machine to the domain, everything seems to be working. The machine
account gets added to the passwd file and the smbpasswd file, and the
workstation reports that it joined the domain successfully. After a
reboot, when trying to log in, I get the error "The system cannot log
you on to this domain because the system's computer account in its
primary domain is missing or the password on that account is correct".
I have monitored what happens when the workstation adds itself to the
domain, and the machine account is getting added at that time.
Do I have a problem with my SID? I don't have an existing SID that I
care about, so if I want to reset the SID to something else ... what
should I set it to?
System Info:
FreeBSD-4.9 using NIS
Samba-3.0.7 (from source, not ports)
smb.conf
[global]
# Main Server Options
netbios name = zeus
workgroup = interact
domain master = yes
local master = yes
preferred master = yes
os level = 240
dns proxy = no
security = user
passdb backend = smbpasswd
root = administrator
restrict anonymous = 2
domain logons = yes
logon path = \\%L\profiles\%U
logon script = %U.bat
logon drive = U:
root preexec = /usr/local/scripts/genlogon.pl %U %G %L
# Script Options
passwd program = /usr/bin/passwd %u
passwd chat = *New*password*%n\n*Retype*New*Password*%n\n
add user script = /usr/sbin/pw useradd %u -c %u -d /u1/%u -g 200 -m -w no -s /bin/date -Y
add group script = /usr/sbin/pw groupadd %g -Y
add machine script = /usr/sbin/pw useradd %u -c workstation -d /dev/null -g 150 -s /bin/false -Y
delete group script = /usr/sbin/pw groupdel %g -Y
# TODO add wrapper to remove nis & samba passwd
; delete user script = /usr/sbin/pw userdel %u -Y
; delete user script = /usr/local/samba/sbin/smbpasswd -x %u
; add user to group script?
; delete user from group script?
server string = Zeus - PDC
interfaces = 10.10.8.28
hosts allow = 127. 10.10.8.
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
log file = /var/log/samba/log.%m
max log size = 50
time server = yes
load printers = no
; printcap name = /etc/printcap
; printing = cups
#============================ Share Definitions ==============================
[netlogon]
path = /STORAGE/netlogon
writable = no
browsable = no
write list = @domainadmin @wheel
[profiles]
path = /STORAGE/ntprofiles
read only = no
browseable = no
create mask = 0600
directory mask = 0700
Any help would be greatly appreciated.
--
Zack Lawson
Network Administrator @ Inter@ctivate, Inc.
www.interactivate.com