[Samba] Can not add a new NT Workstation to a new (vampired) samba domain

Stephen Vermeulen stephen at vermeulen.ca
Tue Dec 11 04:56:40 GMT 2007 

Stephen Vermeulen wrote:
> I am replacing an old NT4.0 Server with a debian 4.0R1 etch Linux 
> server (samba 3.0.24).
>
> This was with a completely fresh install of debian.
>
>
...

> I then decided to try adding a new Windows XP Pro workstation to the 
> domain (it had previously
> been a member, but I had removed it from the old domain to experiment 
> with moving user profiles between
> domains).
>
> When I told it to join the domain it returned an error telling me that 
> it could not find the domain.
> So I thought "maybe a BDC cannot join new machines to the domain". 
> (The NT4 PDC was switched
> off at this time).
>
> So then I stopped samba and set:
>
> domain master = yes
> wins support = yes
>
> and restarted samba.
>
> Then when I tried to add the machine I got a Windows error dialog saying:
>
>   The following error occurred while attempting to join the domain 
> "Butler":
>   The user name could not be found.
>
> I was using the "Administrator" user name, and I was able to log into
> the BUTLER domain on another Windows box as the Administrator and
> access the file share on the samba box and create new files in the folder
> owned by Administrator.
Since the BDC SID was not the same as the PDC's SID I used the net command
to fetch the SID from the PDC and write it to the BDC. Now a "net 
getlocalsid"
reports the same SID. 

Shouldn't net vampire have made the BDC have the same SID as the PDC?

After doing this the error changed to "Access is denied"

I then redid the net vampire, but this did not change things.

I have increased the log level to 2 and the following log file section
is what happens when I try to add the new machine.  Also, here is the 
current
version of the smb.conf file:

star4:/etc/samba# cat smb.conf
[global]
     workgroup = BUTLER
     netbios name = STAR4
     passdb backend = tdbsam
     domain master = Yes
     domain logons = Yes
     wins support = yes
     os level = 40
     log level = 2
     add user script = /usr/sbin/useradd -m '%u'
     delete user script = /usr/sbin/userdel -r '%u'
     add group script = /usr/sbin/groupadd '%g'
     delete group script = /usr/sbin/groupdel '%g'
     add user to group script = /usr/sbin/usermod -G '%g' '%u'
     add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u'
#     wins server = [IP of wins server]

[files]
        comment = SAMBA File Server
        path = /home/files
        read only = No

star4:/etc/samba#

And the log.smbd file:

[2007/12/10 14:45:44, 2] smbd/reply.c:reply_special(496)
  netbios connect: name1=STAR4           name2=TULLY         
[2007/12/10 14:45:44, 2] smbd/reply.c:reply_special(503)
  netbios connect: local=star4 remote=tully, name type = 0
[2007/12/10 14:45:44, 0] lib/util_sock.c:write_data(562)
  write_data: write failure in writing to client 192.168.128.103. Error 
Connection reset by peer
[2007/12/10 14:45:44, 0] lib/util_sock.c:send_smb(769)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
[2007/12/10 14:45:44, 2] smbd/sesssetup.c:setup_new_vc_session(799)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.
[2007/12/10 14:45:44, 2] smbd/sesssetup.c:setup_new_vc_session(799)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.
[2007/12/10 14:45:44, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [administrator] -> 
[administrator] -> [Administrator] succeeded
[2007/12/10 14:45:44, 2] smbd/reply.c:reply_tcon_and_X(711)
  Serving IPC$ as a Dfs root
[2007/12/10 14:45:45, 2] smbd/reply.c:reply_special(496)
  netbios connect: name1=STAR4           name2=TULLY         
[2007/12/10 14:45:45, 2] smbd/reply.c:reply_special(503)
  netbios connect: local=star4 remote=tully, name type = 0
[2007/12/10 14:45:45, 0] lib/util_sock.c:write_data(562)
  write_data: write failure in writing to client 192.168.128.103. Error 
Connection reset by peer
[2007/12/10 14:45:45, 0] lib/util_sock.c:send_smb(769)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
[2007/12/10 14:45:45, 2] smbd/sesssetup.c:setup_new_vc_session(799)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.
[2007/12/10 14:45:45, 2] smbd/sesssetup.c:setup_new_vc_session(799)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.
[2007/12/10 14:45:45, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [administrator] -> 
[administrator] -> [Administrator] succeeded
[2007/12/10 14:45:45, 2] smbd/reply.c:reply_tcon_and_X(711)
  Serving IPC$ as a Dfs root
[2007/12/10 14:45:45, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2797)
  Returning domain sid for domain BUTLER -> 
S-1-5-21-1965320917-1955335400-7473742
[2007/12/10 14:45:45, 0] passdb/pdb_tdb.c:tdbsam_open(818)
  tdbsam_open: Failed to open/create TDB passwd [/var/lib/samba/passdb.tdb]
[2007/12/10 14:45:45, 0] passdb/pdb_tdb.c:tdb_update_sam(1335)
  tdbsam_getsampwnam: failed to open /var/lib/samba/passdb.tdb!

You can see the the machine being added is called "TULLY" and the PDC is 
called "STAR4"
and the problem seems to be right near the end with:

tdbsam_open: Failed to open/create TDB passwd [/var/lib/samba/passdb.tdb]
[2007/12/10 14:45:45, 0] passdb/pdb_tdb.c:tdb_update_sam(1335)
  tdbsam_getsampwnam: failed to open /var/lib/samba/passdb.tdb!

Any ideas?  Or should I increase the log level...

Thanks,

Stephen

More information about the samba mailing list