[Samba] Tearing my hair out:

Sherwood Botsford sgbotsford at gmail.com
Wed Dec 19 19:40:03 GMT 2007

Sherwood Botsford wrote:
> I have a samba 2.2.8a PDC, no windows servers at all.
> The local network works.  Conan, the PDC also acts as a WINS server.  
> Postie, the DHCP server sets:
> option netbios-name-servers ;
> option netbios-node-type 2 ;
> All clients have lmhosts file with:
>   conan   #pre #dom:sjsa
>   postie  #pre
> Last week I needed to reinstall a computer, named pixel
> On server I ran
> smbpasswd -a -m pixel
> to reset the machine account password.
> Pixel runs Win2k SP4
> I go to Pixel and move it to the domain.
> Usual signin and password of domain administrator.
> Long Pause.  "Welcome to SJSA domain"
> Reboot.
> Now if I try to log in to a domain account, I get the message:
> "The system cannot log you on to this domain because the system computer 
> account in its primary domain is missing or the password on that account 
> is incorrect."
> Looking in pixel.log I see:
> [2007/12/11 10:41:25, 0] smbd/password.c:domain_client_validate(1558)
>   domain_client_validate: could not fetch trust account password for 
> domain SJSA
> Looking further, this is a common message in the log files, occuring 
> just before shares connect normally.
> Not sure what else to look for.

Problem solved.

I had two hosts with the same UID in both master.passwd and in 
smbpasswd.  So in this case both jabberwocky$ and pixel$ had 
UID's of 5100.

How did this happen?  Easy.  All machines are group 5000.  I use 
the last octet of the IP to give them a unique UID.  Jabberwocky 
was turfed.  In recycling the IP I failed to remove the old name 
from master.passwd and smbpasswd.

(So many places:

Sigh.  Anyway, posting this so that the Next Guy can find it 

More information about the samba mailing list