[Samba] net rpc vampire - cannot login to migrated computer accounts

Craig White craigwhite at azapple.com
Sat Nov 12 14:40:51 GMT 2005 

On Sat, 2005-11-12 at 15:32 +0100, Christoph Peus wrote:
> Hello experts,
> 
> I've migrated our NT4 domain to sambe 3.0.20b/ldap backend with "net rpc 
> vampire", and nearly everything works as expected. But one big problem 
> remains: it's not possible to login to the domains member maschines now, 
> because "the domain is not available at the moment" (translated from 
> german). After the maschine rejoined the samba domain, login works. (But 
> this is not an option for our ~500 maschines...)
> 
> I have looked at the computer account of one maschine after the migration 
> and after I rejoined the domain manually. There's a difference:
> 
> after "net rpc vampire" migration:
> 
> dn: uid=BIT59$,ou=computers,dc=uni-wh,dc=de
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: sambaSamAccount
> cn: BIT59$
> sn: BIT59$
> uid: BIT59$
> uidNumber: 22693
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> gecos: Computer
> structuralObjectClass: inetOrgPerson
> entryUUID: 4de87562-e740-1029-802b-d5f8fbe677cd
> creatorsName: cn=smbldap-tools,ou=DSA,dc=uni-wh,dc=de
> createTimestamp: 20051111204849Z
> sambaSID: S-1-5-21-1139895982-289624505-398547282-4370
> sambaPrimaryGroupSID: S-1-5-21-1139895982-289624505-398547282-515
> displayName: BIT59$
> sambaLogonTime: 1131741671
> sambaNTPassword: 6D4D1F74BA851B7DB9DBCBA966C00AEF
> sambaPwdLastSet: 1131727258
> sambaAcctFlags: [W          ]
> entryCSN: 20051111204858Z#000001#00#000000
> modifiersName: cn=samba,ou=DSA,dc=uni-wh,dc=de
> modifyTimestamp: 20051111204858Z
> 
> Something wrong here?
> 
> 
> after the maschine rejoined the domain:
> 
> dn: uid=bit59$,ou=computers,dc=uni-wh,dc=de
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: sambaSamAccount
> cn: bit59$
> sn: bit59$
> uid: bit59$
> uidNumber: 22694
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> gecos: Computer
> structuralObjectClass: inetOrgPerson
> entryUUID: f490cd82-e7b4-1029-8a6d-c4cb6795876f
> creatorsName: cn=smbldap-tools,ou=DSA,dc=uni-wh,dc=de
> createTimestamp: 20051112104350Z
> sambaSID: S-1-5-21-1139895982-289624505-398547282-46388
> sambaPrimaryGroupSID: S-1-5-21-1139895982-289624505-398547282-515
> displayName: BIT59$
> sambaPwdCanChange: 1131878635
> sambaPwdMustChange: 1142160235
> sambaNTPassword: 22E8E02D746C544A1DB0D183715C2D86
> sambaPwdLastSet: 1131792235
> sambaAcctFlags: [W          ]
> entryCSN: 20051112104358Z#000001#00#000000
> modifiersName: cn=samba,ou=DSA,dc=uni-wh,dc=de
> modifyTimestamp: 20051112104358Z
> 
> Obviously the "sambaPwdCanChange" and "sambaPwdMustChange" attributes are 
> missing in the computer account after migration. Could this cause the 
> problem or do I search at the wrong place?
> 
> Thanks in advance for your support!
----
it's easy enough to fix with the pdbedit command, set those values and
then try to log in.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba mailing list