[Samba] net rpc vampire - cannot login to migrated computer accounts

Christoph Peus cp at peus.net
Sat Nov 12 14:32:58 GMT 2005 

Hello experts,

I've migrated our NT4 domain to sambe 3.0.20b/ldap backend with "net rpc 
vampire", and nearly everything works as expected. But one big problem 
remains: it's not possible to login to the domains member maschines now, 
because "the domain is not available at the moment" (translated from 
german). After the maschine rejoined the samba domain, login works. (But 
this is not an option for our ~500 maschines...)

I have looked at the computer account of one maschine after the migration 
and after I rejoined the domain manually. There's a difference:

after "net rpc vampire" migration:

dn: uid=BIT59$,ou=computers,dc=uni-wh,dc=de
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: BIT59$
sn: BIT59$
uid: BIT59$
uidNumber: 22693
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
structuralObjectClass: inetOrgPerson
entryUUID: 4de87562-e740-1029-802b-d5f8fbe677cd
creatorsName: cn=smbldap-tools,ou=DSA,dc=uni-wh,dc=de
createTimestamp: 20051111204849Z
sambaSID: S-1-5-21-1139895982-289624505-398547282-4370
sambaPrimaryGroupSID: S-1-5-21-1139895982-289624505-398547282-515
displayName: BIT59$
sambaLogonTime: 1131741671
sambaNTPassword: 6D4D1F74BA851B7DB9DBCBA966C00AEF
sambaPwdLastSet: 1131727258
sambaAcctFlags: [W          ]
entryCSN: 20051111204858Z#000001#00#000000
modifiersName: cn=samba,ou=DSA,dc=uni-wh,dc=de
modifyTimestamp: 20051111204858Z

Something wrong here?


after the maschine rejoined the domain:

dn: uid=bit59$,ou=computers,dc=uni-wh,dc=de
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: bit59$
sn: bit59$
uid: bit59$
uidNumber: 22694
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
structuralObjectClass: inetOrgPerson
entryUUID: f490cd82-e7b4-1029-8a6d-c4cb6795876f
creatorsName: cn=smbldap-tools,ou=DSA,dc=uni-wh,dc=de
createTimestamp: 20051112104350Z
sambaSID: S-1-5-21-1139895982-289624505-398547282-46388
sambaPrimaryGroupSID: S-1-5-21-1139895982-289624505-398547282-515
displayName: BIT59$
sambaPwdCanChange: 1131878635
sambaPwdMustChange: 1142160235
sambaNTPassword: 22E8E02D746C544A1DB0D183715C2D86
sambaPwdLastSet: 1131792235
sambaAcctFlags: [W          ]
entryCSN: 20051112104358Z#000001#00#000000
modifiersName: cn=samba,ou=DSA,dc=uni-wh,dc=de
modifyTimestamp: 20051112104358Z

Obviously the "sambaPwdCanChange" and "sambaPwdMustChange" attributes are 
missing in the computer account after migration. Could this cause the 
problem or do I search at the wrong place?

Thanks in advance for your support!

Christoph

More information about the samba mailing list