[Samba] net rpc vampire

Julian Pilfold-Bagwell julianpb at gmail.com
Thu Sep 1 15:26:51 GMT 2005

Ok folks, here goes:

We have an old NT4 machine that we wish to replace as the PDC on our network.

In its place, we've got a dual Xeon box with Mandrake LE2005 and Samba 
3.0.13-2 and I'm currently trying to draw the accounts over with vampire. I'm 
using tdbsam as a backend.

I've been through several READMEs and HOWTOs and have created all the UNIX 
accounts, mapped UNIX groups to Windows groups etc. and the NT4 server sees it 
as a BDC.

When I run:

 net rpc getsid -S NTserver -W SCHOOL -Uuser%password
 (the credentials aren't the real ones there)

I get:

Storing SID S-1-5-WHATEVER-THE-SID-IS for Domain SCHOOL in secrets.tdb

If I then run:

net rpc vampire -S NTServer -W SCHOOL -Uuser%password

it returns "could not retrieve domain trust secret" 

Running smb4k I can log into the domain controller and browse all the shares 
including the admin only ones so I'm sure that that name/password combination 
is fine.

One other thing is that I get the reply "Error domain join verification 
(reused connection)" when I run "net rpc join.... blah blah" but according to 
the nmbd log it is functioning as a BDC - Problem?

Also, I can find no way of seeing whether or not the SID was copied into the 
secrets.tdb file. Is there a way?

The smb.conf is as shown below:

workgroup = SCHOOL
netbios name = LINUXSERVER
server string = Samba Server %v
log file = /var/log/samba/log.%m
max log size = 50
log level = 3
hosts allow = xxx.xxx.xxx.xx, xxx.xxx.xxx.xx
security = user
encrypt passwords = yes
passdb backend = tdbsam 
unix password sync = Yes
passwd program = /usr/bin/passwd '%u'
passwd chat = *New*UNIX*password* %n\n *Re*ype*new*UNIX*password* %n\n \
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
remote announce = xxx.xxx.xxx.xx, xxx.xxx.xxx.xx
domain logons = Yes
local master = No
domain master = No
preferred master = No
os level = 22
enable privileges = yes
name resolve order = bcast lmhost wins
add user script = /usr/sbin/useradd -s /bin/false '%u'
delete user script = /usr/sbin/userdel '%s'
add user to group script = /usr/bin/gpasswd -a '%u' '%g'
delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
set primary group script = /usr/sbin/usermod -g '%g' '%u'
add group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F: '{print 
delete group script = /usr/sbin/groupdel '%g'
add machine script = /usr/sbin/useradd -d /dev/null -g machines -c "machine account" -s /bin/false %u
logon path = \\%L\Profiles\%G
logon script = %G.bat
logon drive = n:
logon home = \\xen\%u
wins support = no
wins server = xxx.xxx.xxx.xx
dns proxy = no


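Added example, not part of the message above or of Samba itself: a POSIX shell check for the question of whether the domain SID actually landed in secrets.tdb. It compares the SID that `net getdomainsid` reports for the workgroup with the Domain SID the NT4 PDC returns to `net rpc info`, so a stale or missing entry shows up as a mismatch instead of being guessed at from log files. The parsing assumes the Samba 3.0.x output formats ("SID for domain NAME is: S-1-5-21-..." and "Domain SID: S-1-5-21-..."); the server name, workgroup and credentials are the placeholders from the post, and the sample output the script runs on by default is constructed. One caveat the check cannot cover: "could not retrieve domain trust secret" from `net rpc vampire` means no machine trust-account password for the domain was found in secrets.tdb, and that secret is written by a successful `net rpc join`, so a correctly stored domain SID on its own is not sufficient for vampire to run.

```shell
#!/bin/sh
# Added example (not from the original post or from Samba): confirm that the
# domain SID stored in secrets.tdb matches the SID the NT4 PDC reports.
#
# Assumed Samba 3.0.x output formats (assumption, verify on your build):
#   net getdomainsid          -> "SID for domain <NAME> is: S-1-5-21-..."
#   net rpc info -S <pdc> ... -> "Domain SID: S-1-5-21-..."
# PDC, WORKGROUP and CREDS are the placeholders used in the post.

PDC=NTserver
WORKGROUP=SCHOOL
CREDS='user%password'

# sid_from_getdomainsid WORKGROUP  (reads `net getdomainsid` output on stdin)
# Prints the SID stored for WORKGROUP; prints nothing if no such line exists.
sid_from_getdomainsid() {
    awk -v wg="$1" '$1 == "SID" && $3 == "domain" && $4 == wg && $5 == "is:" { print $6; exit }'
}

# sid_from_rpc_info  (reads `net rpc info` output on stdin)
# Prints the Domain SID line's value; prints nothing if the line is absent.
sid_from_rpc_info() {
    awk '$1 == "Domain" && $2 == "SID:" { print $3; exit }'
}

# sids_match LOCAL PDC -> 0 only when both are non-empty and identical.
sids_match() {
    [ -n "$1" ] && [ -n "$2" ] && [ "$1" = "$2" ]
}

# report LOCAL PDC -> prints a verdict and returns sids_match's status.
report() {
    if sids_match "$1" "$2"; then
        echo "OK: stored SID for $WORKGROUP ($1) matches the PDC"
        return 0
    fi
    echo "MISMATCH or MISSING: local='${1:-<none>}' pdc='${2:-<none>}'"
    echo "  (no local value => net rpc getsid has not stored a SID for $WORKGROUP)"
    return 1
}

# Constructed sample output, standing in for the two net commands.
SAMPLE_LOCAL='SID for domain LINUXSERVER is: S-1-5-21-111-222-333
SID for domain SCHOOL is: S-1-5-21-444-555-666'
SAMPLE_PDC='Domain Name: SCHOOL
Domain SID: S-1-5-21-444-555-666
Sequence number: 1234
Num users: 50'

# Live check against the real PDC; run with:  sh check_sid.sh --live
live_check() {
    local_sid=$(net getdomainsid -W "$WORKGROUP" 2>/dev/null | sid_from_getdomainsid "$WORKGROUP")
    pdc_sid=$(net rpc info -S "$PDC" -W "$WORKGROUP" -U "$CREDS" 2>/dev/null | sid_from_rpc_info)
    report "$local_sid" "$pdc_sid"
}

if [ "${1:-}" = "--live" ]; then
    live_check
else
    # Dry run on the constructed sample so the parsing can be exercised offline.
    sample_local=$(printf '%s\n' "$SAMPLE_LOCAL" | sid_from_getdomainsid "$WORKGROUP")
    sample_pdc=$(printf '%s\n' "$SAMPLE_PDC" | sid_from_rpc_info)
    report "$sample_local" "$sample_pdc" || true
fi
```

Run it with `--live` on the Samba box after `net rpc getsid`; a "MISSING" verdict with an empty local value answers the "was the SID copied?" question directly, while a populated but different value means the stored SID predates the getsid run and should be replaced. The secrets.tdb location is build-specific (commonly under the directory smbd reports as `private dir` in `testparm -v` output), so the script deliberately reads the SID through `net` rather than opening the file.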